concat

Cortex XDR XQL concat() function joins multiple strings into a single string.

Synopsis

concat (<
string1
>, <
string2
>, ...)

Description

The
concat()
function joins multiple strings into a single string.

Examples

Display the first non-NULL
action_boot_time
field value. In a second column called
abt_string
, use the
concat()
function to prepend "str: " to the value, and then display it.
dataset = xdr_data | fields action_boot_time as abt | filter abt != null | alter abt_string = concat("str: ", to_string(abt)) | limit 1

Recommended For You