Index of (indexof)
- Sarah Bigault (Deactivated)
Description
This operation extracts the index of the first occurrence of a given value in an array. If no index is found, the result will be -1.
How does it work in the search window?
Select Create field in the search window toolbar, then select the Index of operation. You need to specify at two arguments:
Argument | Data type |
|---|---|
Array mandatory | Array Use the Make Array (mkarray) operation to convert a field to array data type. |
Value mandatory | Any |
The data type of the values in the new field is Array.
Example
In the siem.logtrust.web.activity table, we want to extract an index from mapped source and server ports and server hosts.
To do this, we will first use the Make array operation to create an array of the following values:
Now we can get the second index from the array field.
The arguments needed to create the new field are:
Array - Array
value - 1
Click Create field.
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field.
This is the syntax for the index of operation.
Use:
indexof([1,2,3,4], 0) === -1
indexof([1,2,3,4], 3) === 2
indexof(["a","b","c","d"], "z") === -1
indexof(["a","b","c","d"], "a") === 0
indexof(["a","b","c","d"], null) === -1
indexof(null, "a") === -1Example
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table.
from siem.logtrust.web.activity
select [serverPort, srcPort, serverHost] as Array,
indexof(Array, "1") as IndexÂ
Â
Â
Â