Versions Compared

Old Version 29

changes.mady.by.user Sarah Bigault

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
typeflat

...

  • Addition of two or more numbers (float or integer). This operation returns a float or integer.

  • Addition of two or more duration fields. This operation returns a duration.

  • Addition of a timestamp and a duration. This operation returns a timestamp.

  • Concatenation of two or more strings. This operation returns a string.

  • Concatenation of two or more tuples. This operation returns a tuple.

How does it work in the search window?

Select Create field in the search window toolbar, then select the Addition, sum, plus / Concatenation operation. You need to specify at least two arguments:

Argument

Data type

Add / Concat mandatory

float, integertimestamp, duration, string, tuple

If you introduce a string data type in both arguments (Add and plus), the Add argument will be renamed as Concat.

plus mandatory

float, integer, timestamp, duration, string, tuple

You can add as many plus arguments as required, unless you use a timestamp data type, which allows only one.

Info

Valid combinations

The arguments are interdependent, in other words, the data type introduced in one of them determines the data types that are valid for the others (see Description section above for the list of combinations).

If you introduce an invalid combination of data types as arguments, an error icon will appear next to the argument in question and you will be informed about some of the valid options via tooltip.

The data type of the new field values can be float, integer, duration, timestamp, or string, depending on the arguments selected. See Description section above for the list of combinations and output data types.

Example

In the demosiem.logtrust.ecommerceweb.dataactivity table, we want to add 3001000 to all the values in the bytesTransferred fieldresponseTime field to add one second to the time. To do it, create a new field using the Addition, sum, plus / Concatenation operation. Let's call the new field bytesTransferredresponseTime+3001s.

The arguments needed to create the new field are:

...

Use the operator select... as...  and add the operation syntax to create the new field. These are the valid formats of the Addition, sum, plus / Concatenation operation:

  • number1 + number2 +...

  • duration1 + duration2 +...

  • timestamp + duration

  • string1 + string2 +...

  • tuple1 + tuple2 +...

  • add(number1, number2,...)

  • add(duration1, duration2,...)

  • add(timestamp, duration)

  • add(string1, string2,...)

  • add(tuple1, tuple2,...)

Info

Using this operation in Activeboards

Be aware that using this operation in Activeboards presents an important limitation: the number of arguments is limited to two.

As a workaround, you can perform subsequent adding operations until you have added all the arguments you need. Visit this article for more syntax differences between the Search Window and Activeboards.

Workaround example → select add(number1, number2) as A, add(A, number3) as B, add(B, number4) as C...

Example

You can copy the following LINQ scripts to try example in different tables:

Code Block
from siem.logtrust.web.activity
  select responseTime + 1000 as `responseTime+1s`

...