Template (template)
- Juan Tomás Alonso Nieto (Deactivated)
- Former user (Deleted)
- Former user (Deleted)
Description
Builds a template from the given string. A template is a replacement string (in template data type) that also admits capturing groups.
Capturing groups are sets of characters into which a string has been divided following a pattern established by a regular expression (see Regular expression operation). Those groups are labeled according to their order of occurrence preceded by a backslash, where \1 refers to the first group and \5 to the fifth.
To create a template to refer to a capturing group you need to include an expression you want to use as a template, together with the capturing group to which you want to make reference. For example:Â [\1] would use square brackets as a template for the first capturing group.
You can use the templates generated using this operation in the Substitute (subs) and Substitute all (subsall) operations.
How does it work in the search window?
Select Create column in the search window toolbar, then select the Template operation. You need to specify one argument:
Argument | Data type |
|---|---|
Reputation mandatory | string |
The data type of the values in the new column is template.
Example
In the siem.logtrust.web.activity table, we want to create a column that shows the character - in template data type so we can use it later as an argument of another operation. To do it, we will create a new column using the Template operation. Let's call it templates.
The arguments needed to create the new column are:
Template definition - Click the pencil icon and enter -
Â
Click Create column and you will see the following result:
A column in template data type that contains a hyphen and can be used in other operations, such as Substitute (subs) and Substitute all (subsall) operations.
Â
We can also create a column in the table that shows the character - after the first capturing group, in template data type so we can use it later as an argument of another operation. To do it, we will create a new column using the Template operation. Let's call it templatesCaptGroup.
The arguments needed to create the new column are:
Template definition - Click the pencil icon and enter \1-
Â
Click Create column and you will see the following result:
A column in template data type that contains a hyphen after the first capturing group and can be used in other operations, such as Substitute (subs) and Substitute all (subsall) operations.
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new column. This is the syntax for the Template operation:
template(string)
Example
You can copy the following LINQ script and try the previous examples on the siem.logtrust.web.activity table.Â
from siem.logtrust.web.activity
select template("-") as templatesfrom siem.logtrust.web.activity
select template("\\1-") as templatesCaptGroup