Make tuple (mktuple)
- Juan Tomás Alonso Nieto (Deactivated)
Description
Creates a tuple from the given integer value(s).
How does it work in the search window?
Select Create field in the search window toolbar, then select the Make tuple operation. You need to specify at least one argument, and you can add as many value arguments as needed:
Argument | Data type |
|---|---|
value mandatory | Any |
Automatic conversion
Fields of a different data type will be automatically converted to the target data type for the operation, if possible. When not possible, you must first convert the field to the expected data type.
The data type of the values in the new field is tuple.
Example
In the siem.logtrust.web.activity table, we want to transform the integer values in the SrcPort and Server port fields into tuples. To do this, we will create a new field using the Make tuple operation. Let's call the new field Tuple.
The arguments needed to create the new field are:
value - SrcPort
value - serverPort
Click Create field and you will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field.
This is the syntax for the Tuple operation.
Use:
(1,2,3,4) === mktuple(1,2,3,4)
("a","b","c") === mktuple("a","b","c")
() === mktuple()
("a",null,"c") === mktuple("a",null,"c")Example
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table:
from siem.logtrust.web.activity
select mktuple(username, ip4(srcHost), mm2coordinates(ip4(srcHost)), true) as tuple