| Table of Contents | ||||
|---|---|---|---|---|
|
Description
This operation returns the array of values of a given map.
How does it work in the search window?
Select Create field in the search window toolbar, then select the Values operation. You need to specify at one argument:
Argument | Data type | ||
|---|---|---|---|
Map mandatory | Map
|
The data type of the values in the new field is Array.
Example
In the siem.logtrust.web.activity table, we want to extract the array values from mapped source and server ports.
To do this, we will first use the Make map operation to map the two ports:
...
You will see the following result:
...
Now we can get the values from the map field.
The arguments needed to create the new field are:
Map - Map
...
Click Create field and you will see the following result:
...
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field.
This is the syntax for the Values operation.
Use:
| Code Block |
|---|
values(a) |
Example
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table.
| Code Block |
|---|
from siem.logtrust.web.activity
select {serverPort: srcPort} as map,
values(map) as Values |