1. Home
    2. Cortex
    3. Cortex XDR
    4. Cortex XDR™ XQL Language Reference
    5. XQL Functions Reference
    6. arraystring

    arraystring

    Cortex XDR XQL arraystring() function returns a string from an array, where each array element is joined by a defined delimiter.

    Synopsis

    arraystring (<
    string
    >, <
    delimiter
    >)

    Description

    The
    arraystring()
     function returns a string from an array, where each array element is joined by a defined delimiter.

    Examples

    Retrieve all
    action_app_id_transitions
     that are not null, combine each array into a string where array elements are delimited by " : ", and then use Dedup the resulting string. 
    dataset = xdr_data 
| fields action_app_id_transitions  as aait 
| alter transitions_string = arraystring(aait, " : ") 
| dedup transitions_string by asc _time 
| filter aait != null

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo