split

The Cortex XDR XQL split() function splits a string and returns an array of string parts.

Synopsis

split (<value> [, <string_delimiter>])

Description

The split() function splits a string using an optional delimiter, and returns the resulting substrings in an array. If no delimiter is specified, a space (' ') is used.

Examples

Split IP addresses into an array, each element of the array containing an IP octet.
dataset = xdr_data | fields action_local_ip as alii | alter ip_octets = split(alii, ".") | limit 10
