The Cortex XDR XQL to_number() function converts a string to a number.
The to_number() function converts a string that represents a number to a float.
Display the first 10 IP addresses that begin with a value greater than 192. Use the split function to split the IP address by '.', and then use the arrayindex function to retrieve the first value in the resulting array. Convert this value to a number and perform an arithmetic comparison to arrive at a result set.
dataset = xdr_data | fields action_local_ip as alii | filter to_number(arrayindex(split(alii, "."),0)) > 192 | limit 10