trim

The Cortex XDR XQL trim function removes spaces or characters from the beginning or end of a string.

Synopsis

trim (<string>, [trim_characters])
rtrim (<string>, [trim_characters])
ltrim (<string>, [trim_characters])

Description

The trim() function removes specified characters from the beginning and end of a string. The rtrim() function removes specific characters from the end of a string. The ltrim() function removes specific characters from the beginning of a string.
If you do not specify trim characters, then whitespace (spaces and tabs) is removed.

Examples

Remove '.exe' from the end of the action_process_image_name field value.
dataset = xdr_data
| fields action_process_image_name as apin
| filter apin != null
| alter remove_exe_process = rtrim(apin, ".exe")
| limit 10
See also the replace function example.
