Make set (mkset)
- Sarah Bigault (Deactivated)
Description
This operation creates a set from the given value(s).
To convert a complex data type to set data type, use the To Set operation.
How does it work in the search window?
Select Create field in the search window toolbar, then select the Make set operation. You need to specify at least one argument, and you can add as many value arguments as needed:
Argument | Data type |
|---|---|
Value | Any |
The data type of the values in the new field is set.
Example
In the siem.logtrust.web.activity table, we want to transform the integer values in the SrcPort field into a set. To do this, we will create a new field using the Make set operation.
Let's call the new field Set.
The arguments needed to create the new field are:
Value - SrcPort
Click Create field and you will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field.
This is the syntax for the Make set operation.
Use:
{1,4,2,3} === mkset(1,2,3,4)
{"b","c","a"} === mkset("a","b","c")
{} === mkset()
{"a",null,"c"} === mkset("a","c",null)Example
You can copy the following LINQ script and try the above example on the my.upload.sample.data table. Keep in mind that you must download and upload the file provided before to your Devo domain.
from my.upload.sample.data
select split(message, ";", 16) as posNumbers1
select split(message, ";", 17) as posNumbers2
select int(posNumbers1) as integerValues1
select int(posNumbers2) as integerValues2,
[integerValues1, integerValues2] as Array
select {Array} as setÂ