To Array (array)
- Sarah Bigault (Deactivated)
Description
This operation converts a set to an Array. Use the Make Array (mkarray) operation for all other data types.
How does it work in the search window?
Select Create field in the search window toolbar, then select the To Array operation.
You need to specify at least one argument, and you can add as many value arguments as needed:
Argument | Data type |
|---|---|
Set mandatory | Set Use the Make Set (mkset) operation to convert a field to set data type. |
Automatic conversion
Fields of a different data type will be automatically converted to the target data type for the operation, if possible. When not possible, you must first convert the field to the expected data type.
The data type of the values in the new field is array.
Example
In the siem.logtrust.web.activity table, we want to transform a set of integer values in the SrcPort and Server port fields into an array.Â
First, we will make them into a Set for this operation.
The arguments needed to create the new field are:
value - SrcPort
value - Server port
Click Create field and you will see the following result:
Now, we will use this set to make an array using to To array operation:
You will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field.
This is the syntax for the To array operation.
Use:
array :: {.a} -> [.a]Example
from siem.logtrust.web.activity
select {serverPort, srcPort} as set,
array(set) as ArrayÂ