Versions Compared

Old Version 26

changes.mady.by.user Tomás Lagomarsino

Saved on

compared with

New Version Current

changes.mady.by.user Tomás Lagomarsino

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Test them together in Data Search

Code Block
languagesql
from siem.logtrust.web.activity
//create a set
  select mkset(srcHost,params) as mkset_string
  select {srcHost, params}
//convert an into a set
  select [1,2,3] as array,
  set(array) as toset_int,
//check if the set is empty
  isempty(mkset_string) as isemty,
//what is the length of the array
  length(mkset_string) as length,
//does the set contain a specific item?
  toset_int -> 2 as has,
//add values to a set
  "new value" + mkset_string as add_va,
//join a set. Concatenates all the values of a set
  join(mkset_string, ",") as join_set
//Get distinct values in a set out of a grouped field
  //group select collectdistinct(responseLength) as responseLength_sizedistinct

...

Operation

Description

Syntax

Example

Result Value

Result Type

mkarray or []

Creates an array from elements

mkarray (ele_1, … ,ele_n)
[ele_1, … , ele_n]

mkarray (1.33,2,3,4) mkarray (“One", "two", "Number 3“) 

[ “One", 77 ]

mkarray (domain, responseTime)

[1.33, 2, 3, 4]
[One, two, Number 3]
[One, 77] [self, 12]

array(float) array(str) array(str) array(str)

split

Creates an array by splitting a string field

split (string, string)

split("1.2.3.4", ".")

[1, 2, 3, 4]

array

isempty

Checks if an array is empty

isempty (array)

isempty ([1, 2, 3]) isempty ([ ])

false true

bool

length

Returns the length of an array

length (array)

length ([1, 2, 3, 4, 5, 6])

6

Int

has (->)

Checks the occurrence of a specified value in a given array

•has (array, ele) •array -> ele

has ([30, 2, 77], 77)

[30, 2, 77] -> 77

true

true

bool

in (<-)

Checks the occurrence of a specified value in a given array

`in` (ele, array) ele <- array

`in` (77, [30, 2, 77]) 

77 <- [30, 2, 77]

true

true

bool

add (+)

Appends some value to the end of an array

add (array, ele)
array + ele

add ([30, "Peter", 77], "Ann")
 [30, "Peter", 77] + "Ann"

[30, Peter, 77, Ann]
[30, Peter, 77, Ann]

array(str)
array(str)

add (+)

Concatenates two arrays

add (array_1, array_2)
array_1 + array_2

add ([5, "Peter", 77], [77, "Ann", 400])
[5, "Peter", 77] + [77, "Ann", 400]

[5, Peter, 77, 77, Ann, 400]
[5, Peter, 77, 77, Ann, 400]

array(str)
array(str)

join

Joins the strings of a given
array in a single string
(separataror can be added)

join (array_str)
join (array_str, sep)

join ([1, "Peter", 77, 77, "Ann"])
join ([1, "Peter", 77, 77, "Ann"], “_x_”)

1Peter7777Ann
1_x_Peter_x_77_x_77_x_Ann

str

at or [][]

Returns the n-th element of
an array

at (array, n)
array [n]

at ([10, 20, 3.33, 40], 1)
[10, 20, 3.33, 40] [2]
at ([10, 20, 3.33, "HELLO"], 3)
at ([10, 20, 333, 40], 777)

20
3.33
HELLO
null

float
float
str
int

at or [][]

Returns a subarray between
two indices

at (array, from, to)
array [from, to]

at ([10, 20, 30, 40], 1, 3)
 ["A", "B", "C", "D"] [1, 3]

[20, 30]
["B", "C"]

array(int)
array(str)

indexof

Returns the index of the first
appearance of a value in
an array (-1 if not present)
starting at 0

indexof (array, ele)

indexof ([10, 20, 3.33, 40], 3.33)
indexof ([10, 20, 333, 40], 777)
indexof (["Hello", "my friend"],"Hello")

2
-1
0

int

dropnulls

Drops null elements of a given array

dropnulls (array)

dropnulls ([3, null, 77, null])
dropnulls ([3, null, "HELLO", null])

[3, 77]
[3, HELLO]

array(int)
array(str)

sort

Sorts the elements of a
given array

sort (array)

sort ([3, 77, 30, 1)
sort (["AAA", "aaa", "44", 5])

[1, 3, 30, 77]
[44, 5, AAA, aaa]

array(int)
array(str)

reverse

Reverses the elements of
a given array

reverse
(array)

reverse ([3, 77, 30, 1)
reverse (["AAA", "aaa", "44", 5])

[1, 30, 77, 3]
[5, 44, aaa, AAA]

array(int)
array(str)

sum

Sums the values of a
numeric array

sum (array)

sum([1,2,3,4])
sum([1,2,3.5,4.5])

10
11

Int
float

...