getFieldnames
Get field names from a table. For ThreatGPS this operator gets the field names of an input table so the type of log can be identified and the correct playbook can be run. This operator can also be used to train a model for log prediction.
Operator Usage in Easy Mode
- Click + on the parent node.
- Enter the Get Field Names operator in the search field and select the operator from the Results to open the operator form.
- In the Table drop-down, enter or select the table to which the operator is applied.
- Click Run to view the result.
- Click Save to add the operator to the playbook.
- Click Cancel to discard the operator form.
Usage Details
LQL Command
getFieldnames(input_table)
Input Parameters:
input_table
: Name of the input table from which to get the column (field) names.
Output Table:
A 1-row table with columns Tablename
and Fieldnames
. Fieldnames
is a comma-separated list of column names from input_table
.
Example
Input
table = github_logs
sourceIP | sourcePort | destIP | destPort |
---|---|---|---|
1.1.1.1 | 1245 | 4.3.3.3 | 7854 |
3.3.3.3 | 4587 | 2.3.4.5 | 1247 |
LQL command
getFieldnames(github_logs)
Output
Tablename | Fieldnames |
---|---|
github_logs | sourceIP, sourcePort, destIP, destPort |