Document:Cortex XDR™ XQL Language Reference

to_float

Search the Table of Contents

copyright
- copyright
Get Started with XQL
Stages Commands Reference
- Alter
- Arrayexpand
- Bin
- Comp
  - avg
  - count
  - count_distinct
  - earliest
  - first
  - last
  - latest
  - list
  - max
  - min
  - sum
  - values
- Config
  - case_sensitive
  - timeframe
- Dedup
- Fields
- Filter
- Join
- Iploc
- Limit
- Replacenull
- Sort
- Target
- Union
- View
XQL Functions Reference
- add
- arrayconcat
- arraycreate
- arraydistinct
- arrayfilter
- arrayindex
- arrayindexof
- array_length
- arraymap
- arraymerge
- arrayrange
- arraystring
- coalesce
- concat
- current_time
- divide
- extract_time
- format_string
- format_timestamp
- floor
- if
- incidr
- incidrlist
- json_extract
- json_extract_array
- json_extract_scalar
- len
- lowercase
- multiply
- object_create
- parse_timestamp
- pow
- regextract
- replace
- replex
- round
- split
- string_count
- subtract
- timestamp_diff
- timestamp_seconds
- to_boolean
- to_float
- to_integer
- to_json_string
- to_number
- to_string
- to_timestamp
- trim
- uppercase

to_float

Cortex XDR XQL to_float() function converts a string to a floating point number.

Synopsis

to_float(<string>)

Description

The

to_float()

function converts a string that represents a number to a float.

Examples

Display the first 10 IP addresses that begin with a value greater than

192

. Use the split function to split the IP address by '.', and then use the arrayindex function to retrieve the first value in the resulting array. Convert this to a number and perform an arithmetic compare to arrive at a result set.

dataset = xdr_data 
| fields action_local_ip  as alii 
| filter to_float(arrayindex(split(alii, "."),0))  > 192 
| limit 10

Document:Cortex XDR™ XQL Language Reference

to_float

Table of Contents

to_float

Synopsis

Description

Examples

Recommended For You

Recommended Videos