add - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

Learn more about the Cortex Query Language add() function that adds two integers.

Syntax
add (<string> | <integer>, <string> | <integer>)
Description

The add() function adds two positive integers. Each parameter can be either an integer literal or an integer held as a string type, such as a value contained in a data field.

Example
dataset = xdr_data 
| alter mynum = add(action_file_size, 3) 
| fields action_file_size, mynum 
| filter action_file_size > 0 
| limit 1