Remove columns from a table.

For example, if you have columns a,b,c,d,e,f,g,h,i,j,k) and want to remove columns j,k, you can easily use the following LQL query where j and k are excluded from the query.

LQL

select a, b, c, d, e, f, g, h, i from table

However, the process becomes more tedious and prone to error if the columns have long names, such as a = s3bucketAccountID, b = messageResponseTime, and so on. This operator addresses this issue.

Operator Usage in Easy Mode

Click + on the parent node.
Enter the Drop Columns operator in the search field and select the operator from the Results to open the operator form.
In the Table drop-down, enter or select a table that you want to drop the columns.
In the Column drop-down, select a column or multiple columns to remove from the table.
Click Run to view the result.
Click Cancel to discard the operator form.
Click Submit to add the operator to the playbook.

Usage Details

LQL Command

dropColumns(table, "col1", "col2" ...)

Example

Input

sourceIP	sourcePort	destIP	destPort
1	2	3	4

LQL command

dropColumns(table, "sourceIP") -- drop sourceIP column
dropColumns(table, "sourceIP", "sourcePort") -- drop sourceIP and sourcePort columns

Browser not supported