At (atend)
- Juan Tomás Alonso Nieto (Deactivated)
Description
Returns the last element of a tuple.
How does it work in the search window?
Select Create field in the search window toolbar, then select the At (atend) operation. You need to specify the following argument:
Argument | Data type |
|---|---|
Tuple mandatory | tuple |
The data type of the values in the new field is integer.
Example
In the siem.logtrust.web.activity table, we want to extract the last element of a tuple we’ve generated using the Make tuple operation. To do this, we will create a new field using the At (atend) operation. Let's call the new field TupleLast.
The arguments needed to create the new field are:
Tuple - Tuple
Click Create field and you will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field.
This is the syntax for the At (atend)Â operation.
Use:
atend(tuple)Example
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table:
from siem.logtrust.web.activity
select (srcPort, serverPort, ) as Tuple,
atend(Tuple) as TupleLast