Document toolboxDocument toolbox

Greater than (gt, >)

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: May 10, 2023 by Former user (Deleted)
2 min read
[ 1 Description ] [ 2 How does it work in the search window? ] [ 3 How does it work in LINQ? ]

Description

You can apply this operation either as a Filter or Create field operation:

Filter

Filters those events where a value is greater than either another field of the same data type or a specified value.

Create field 

Creates a Boolean column that shows true when a value is greater than either another field of the same data type or a specified value.

How does it work in the search window?

Select Filter / Create field in the search window toolbar, then select the Greater than operation. You need to specify two arguments:

Argument

Data type

Argument

Data type

Value mandatory

Any

is greater than mandatory

The same as the Value data type

If you use the Create field operation, the data type of the values in the new column is boolean (true or false).

Working with strings

Be aware that in case you use strings, the values will be compared according to the ASCII code, in which each character has an associated value. If you want to know more about the ASCII code, click the following link.

Example

In the siem.logtrust.web.activity table, we want to get only the events where the number of responseTime greater than 500. To do it, we will apply a Filter using the Greater than operation.

The arguments needed for the filter are:

  • Value - responseTime field

  • is greater than - Click the pencil icon and enter 500

Click Filter data and you will see the following result:

Click Create column and follow the same steps to add a new Boolean column that shows true when the values in the bytesTransferred column are greater than 800.

How does it work in LINQ?

Use the operator where...  to apply the Filter operation and select... as...  to apply the Create column operation. These are the valid formats of the Greater than operation:

  • value1 > value2

  • gt(value1, value2)

Examples

You can copy the following LINQ scripts and try the above example on the demo.ecommerce.data table:

from demo.ecommerce.data where bytesTransferred > 800

or

from demo.ecommerce.data where gt(bytesTransferred, 800)

And this is the same example using the Create column operation:

from demo.ecommerce.data select bytesTransferred > 800 as bytes_gt_800

or