Equal (eq, =)
- Juan Tomás Alonso Nieto (Deactivated)
Description
You can apply this operation either as a Filter or Create column operation:
Filter | Compares two values of the same type and returns only the events where the values are exactly the same. |
|---|---|
Create column | Compares two values of the same type and creates a Boolean column that shows true when both values are exactly the same. |
This operation is case sensitive. Use the Equal - case insensitive (eqic) operation if you need to apply this operation ignoring case.
How does it work in the search window?
Select Filter / Create column in the search window toolbar, then select the Equal operation. You need to specify two arguments:
Argument | Data type |
|---|---|
Value mandatory | Any |
is equal to mandatory | The same as the Value data type |
If you use the Create column operation, the data type of the values in the new column is boolean (true or false).
Example
In the demo.ecommerce.data table, we want to detect events with status code 200. We will use the Create field operation to add a new Boolean field that shows true when our events have status code 200.
We will enter status_code_200 as the field name. The arguments needed are:
Value - statusCode field
is equal to - Click the pencil icon and enter 200
Click Create field.
Â
Click Filter and follow the same steps to filter events with status code 200.
How does it work in LINQ?
Use the operator where... to apply the Filter operation and select... as... to apply the Create column operation. These are the valid formats of the Equal operation:
field1 = field2eq(field1, field2)
Examples
You can copy the following LINQ scripts and try some examples:
from siem.logtrust.web.activity
select srcPort = 42924 as srcport_42924Try other examples on the demo.ecommerce.data table.
from demo.ecommerce.data
where statusCode = 200or
from demo.ecommerce.data
where eq(statusCode, 200)And this is the same example using the Create field operation:
or