
Sort (sort)

Description

This operation sorts the elements of an array in ascending order. You can add a second argument to sort in descending order.

How does it work in the search window?

Select Create field in the search window toolbar, then select the Sort operation. You need to specify at least one argument:

Argument - Data type

  • Array (mandatory) - Array. Use the Make Array (mkarray) operation to convert a field to array data type.

  • in ascending order - Boolean

The data type of the values in the new field is Array.

Example

In the siem.logtrust.web.activity table, we want to sort the values of an Array.

To do this, we will first use the Make Array operation to transform the params field into an array data type for further use.

You will see the following result:

Now we can sort this array using the Sort operation.

The arguments needed to create the new field are:

  • Array - Array

Click Create field and you will see the following result:

How does it work in LINQ?

Use the operator select... as...  and add the operation syntax to create the new field.

This is the syntax for the Sort operation.

Use:

sort([5,2,3,4,1]) === [1,2,3,4,5]
sort(["d","a","c","b"]) === ["a","b","c","d"]
sort([5,2,3,4,1], true) === [1,2,3,4,5]
sort(["d","a","c","b"], true) === ["a","b","c","d"]
sort([5,2,3,4,1], false) === [5,4,3,2,1]
sort(["d","a","c","b"], false) === ["d","c","b","a"]
sort([5,2,3,4,1], null) === null

Example

You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table. Keep in mind that you must first download the file provided earlier and upload it to your Devo domain.

from siem.logtrust.web.activity select [params] as Array, sort(Array) as Sort

 
