At (at)
- Sarah Bigault (Deactivated)
- Juan Tomás Alonso Nieto (Deactivated)
Description
Returns the n-th element of a tuple.
How does it work in the search window?
Select Create field in the search window toolbar, then select the At operation. You need to specify the following argument:
Argument | Data type |
|---|---|
Tuple mandatory | tuple |
at mandatory | integer |
The data type of the values in the new field is integer.
Example
In the siem.logtrust.web.activity table, we want to extract the second element of a tuple we’ve generated using the Make tuple operation. To do this, we will create a new field using the At operation. Let's call the new field Tuple1.
The arguments needed to create the new field are:
Tuple - Tuple
at - 1
Click Create field and you will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field.
This is the syntax for the At operation.
Use:
at(tuple, n)or
(tuple)[n]Example
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table:
from siem.logtrust.web.activity
select (srcPort, serverPort, ) as Tuple
select Tuple[1] as Tuple1