| Table of Contents | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
About complex types
In Devo, complex data types provide flexible and powerful structures for organizing, querying, and manipulating large datasets. These types include set, map, array, and tuple, each with unique properties that allow allowing users to efficiently handle diverse data operations efficiently. This article outlines the key characteristics and operations associated with each data type.
...
| Info |
|---|
The JSON type is not considered a complex type but it is included in this documentation for similarity purposes. Currently, it is not possible to cast JSON natively from/to a complex type natively. |
...
Set
A set in Devo represents an unordered collection of unique values, meaning no duplicates are allowed. The order of elements in a set is not guaranteed, making it ideal for operations where uniqueness is more important than sequence.
...
Test them together in Data Search
| Code Block | ||
|---|---|---|
| ||
from siem.logtrust.web.activity
//create a map
select mkmap("b",7,"c",6,"a",5) as map1
select {"src":srcPort, "serverPort": serverPort} as map2
//Checks if a map is empty
select isempty(map1) as _false
//Returns the length of a map
select length(map1) as _length
//check the occurrence of key "b"?
select map1 -> "b" as _true
//append of new pairs
select map1 + map2 as map3
//subtract pairs
select map3 - map2 as _substract_pairs
select map3 - "b" as _substract_key_b
//return the value of a give key
select map3["b"] as _return_7
//return all the keys or values of a map
select keys(map3) as _keys_set
select values(map3) as _values_array |
...