arrayindex

The Cortex XDR XQL arrayindex function returns the array element at the specified index.

Synopsis

arrayindex(<array>, <index>)

Description

The arrayindex() function returns the value contained in the specified array position. Arrays are 0-based.

Examples

Use the split function to split IP addresses into an array of octets, then return the 3rd octet of each IP address (index 2, because arrays are 0-based).
dataset = xdr_data
| fields action_local_ip as alii
| alter ip_third_octet = arrayindex(split(alii, "."), 2)
| filter alii != null and alii != "0.0.0.0"
| limit 10
