
Greater or equal (ge, >=)

Description

You can apply this operation either as a Filter or Create field operation:

Filter

Filters those events where a value is greater than or equal to either another field of the same data type or a specified value.

Create field

Creates a Boolean column that shows true when a value is greater than or equal to either another field of the same data type or a specified value.

How does it work in the search window?

Select Filter / Create field in the search window toolbar, then select the Greater or equal operation. You need to specify two arguments:

Argument | Data type
Value (mandatory) | Any
is greater or equal to (mandatory) | The same as the Value data type

If you use the Create field operation, the data type of the values in the new field is boolean (true or false).

Working with strings

Be aware that when you use strings, the values are compared according to their ASCII codes, in which each character has an associated value.
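The following Python sketch is an added example, not part of the original documentation or the product's code. It shows why a threshold filter on a numeric value stored as a string can match events it should not. It assumes the string comparison is an ordinary left-to-right comparison of character codes; the function names and sample events are constructed for illustration.

```python
# Added illustration: models ">=" on strings as a left-to-right comparison of
# ASCII codes (an assumption about the exact semantics; the page only says
# strings are compared according to the ASCII code).

def ge_ascii(a: str, b: str) -> bool:
    """Return True when a >= b, comparing character codes left to right."""
    for ca, cb in zip(a, b):
        if ord(ca) != ord(cb):
            return ord(ca) > ord(cb)
    # All shared positions are equal: the longer string is the greater one.
    return len(a) >= len(b)

# Constructed sample events; responseTime is held as a string on purpose.
EVENTS = [
    {"uri": "/login", "responseTime": "999"},
    {"uri": "/search", "responseTime": "1000"},
    {"uri": "/export", "responseTime": "25000"},
    {"uri": "/health", "responseTime": "3"},
]

def filter_ge(events, field, threshold, numeric):
    """Keep events whose field is >= threshold, numerically or as strings."""
    kept = []
    for ev in events:
        if numeric:
            ok = int(ev[field]) >= int(threshold)
        else:
            ok = ge_ascii(ev[field], threshold)
        if ok:
            kept.append(ev["uri"])
    return kept

if __name__ == "__main__":
    # Numeric comparison keeps only the two slow requests.
    print("numeric:", filter_ge(EVENTS, "responseTime", "1000", numeric=True))
    # String comparison also keeps "999" and "3", because '9' and '3' sort after '1'.
    print("string :", filter_ge(EVENTS, "responseTime", "1000", numeric=False))
    # Uppercase letters have lower codes than lowercase ones.
    print("'Z' >= 'a':", ge_ascii("Z", "a"))
```

When a threshold filter or alert returns unexpected rows, check the data type of the field first: a numeric value ingested as a string will be ordered character by character rather than by magnitude.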

Example

In the siem.logtrust.web.activity table, we want to get only the events with responseTime values greater than 1000. To do so, we apply a Filter using the Greater or equal operation.

The arguments needed for the filter are:

  • Value - responseTime field

  • is greater or equal to - Click the pencil icon and enter 1000

Click Filter data and you will see the following result:

Click Create field and follow the same steps to add a new Boolean column that shows true when the value in the responseTime field is greater than 10000.

How does it work in LINQ?

Use the where... operator to apply the Filter operation and select... as... to apply the Create column operation. These are the valid formats of the Greater or equal operation:

  • value1 >= value2

  • ge(value1, value2)

Examples

You can copy the following LINQ scripts and try the above example on the demo.ecommerce.data table:

from demo.ecommerce.data where timeTaken >= 700

or

from demo.ecommerce.data where ge(timeTaken, 700)

And this is the same example using the Create field operation:

from demo.ecommerce.data select timeTaken >= 700 as time_ge_700

or