
Gets the field names from a table. For ThreatGPS, this operator gets the field names of an input table so that the type of log can be identified and the correct playbook can be run. This operator can also be used to train a model for log prediction.

Operator usage in easy mode

  1. Click + on the parent node.

  2. Enter the Get Field Names operator in the search field and select the operator from the Results to open the operator form.

  3. In the Table drop-down, enter or select the table to which the operator is applied.

  4. Click Run to view the result.

  5. Click Save to add the operator to the playbook.

  6. Click Cancel to discard the operator form.

Usage Details

LQL Command

getFieldnames(input_table)

Input Parameters:

input_table: Name of the input table from which to get the column (field) names.

Output Table:
A 1-row table with columns Tablename and Fieldnames. Fieldnames is a comma-separated list of column names from input_table.

Example

Input
table = github_logs

| sourceIP | sourcePort | destIP  | destPort |
|----------|------------|---------|----------|
| 1.1.1.1  | 1245       | 4.3.3.3 | 7854     |
| 3.3.3.3  | 4587       | 2.3.4.5 | 1247     |

LQL command

getFieldnames(github_logs)

Output

| Tablename   | Fieldnames                             |
|-------------|----------------------------------------|
| github_logs | sourceIP, sourcePort, destIP, destPort |
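The log-type identification that this output supports can be sketched as follows. This is an added Python example, not ThreatGPS or LQL code: the signature sets, playbook names, and the 0.6 threshold are hypothetical, and the rows are constructed in the documented Tablename/Fieldnames shape.

```python
# Added example: pick a log type (and playbook) from getFieldnames-style output.
# SIGNATURES, PLAYBOOKS and the threshold are hypothetical, not product data.

SIGNATURES = {
    "network_flow": {"sourceip", "sourceport", "destip", "destport"},
    "web_proxy": {"sourceip", "url", "method", "status", "useragent"},
    "auth": {"user", "sourceip", "result", "logontype"},
}
PLAYBOOKS = {
    "network_flow": "flow_playbook",
    "web_proxy": "proxy_playbook",
    "auth": "auth_playbook",
}


def parse_fieldnames(row):
    """Split the comma-separated Fieldnames column into a normalized set."""
    names = (n.strip().lower() for n in row["Fieldnames"].split(","))
    return {n for n in names if n}


def jaccard(a, b):
    """Overlap of two field sets: |a & b| / |a | b|, 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def identify_log_type(row, threshold=0.6):
    """Return (log_type, playbook, score); (None, None, score) below threshold."""
    # Fail closed: a weak match is never routed to another schema's playbook.
    fields = parse_fieldnames(row)
    best_type, best_score = None, 0.0
    for log_type, signature in sorted(SIGNATURES.items()):
        score = jaccard(fields, signature)
        if score > best_score:
            best_type, best_score = log_type, score
    if best_score < threshold:
        return None, None, best_score
    return best_type, PLAYBOOKS[best_type], best_score


# Constructed rows in the operator's documented 1-row output shape.
FLOW_ROW = {"Tablename": "github_logs",
            "Fieldnames": "sourceIP, sourcePort, destIP, destPort"}
UNKNOWN_ROW = {"Tablename": "misc", "Fieldnames": "sourceIP, payload, note"}

if __name__ == "__main__":
    for r in (FLOW_ROW, UNKNOWN_ROW):
        print(r["Tablename"], identify_log_type(r))
```

A table that shares only one common field such as sourceIP with every signature scores below the threshold and is left unrouted rather than sent to the nearest playbook.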
