concat - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

Learn more about the Cortex Query Language concat() function, which joins multiple strings into a single string.

Syntax
concat (<string1>, <string2>, ...)
Description

The concat() function joins multiple strings into a single string.

Example

Display the first non-NULL action_boot_time field value. In a second column called abt_string, use the concat() function to prepend "str: " to the value, and then display it.

dataset = xdr_data 
| fields action_boot_time as abt 
| filter abt != null 
| alter abt_string = concat("str: ", to_string(abt)) 
| limit 1
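
The following query is an added example, not part of the original Cortex XDR documentation. It passes three arguments to concat() to build a single "parent > child" string for each process start, then counts how often each pair occurs per host so that rarely seen process chains sort to the top for review. It assumes the standard xdr_data process fields (agent_hostname, actor_process_image_name, action_process_image_name) are populated in your tenant; the aliases parent, child, chain, and launches are illustrative names.

```xql
// Added example: stack parent > child process pairs per host.
// Assumes the standard xdr_data process fields are available.
dataset = xdr_data
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
| fields agent_hostname, actor_process_image_name as parent, action_process_image_name as child
// Keep only rows where both strings exist, as the example above does for abt.
| filter parent != null and child != null
// Join the two image names with a literal separator into one key.
| alter chain = concat(parent, " > ", child)
// Count occurrences of each host/chain pair; least common first.
| comp count(child) as launches by agent_hostname, chain
| sort asc launches
| limit 20
```

Both joined fields here are already strings; wrap non-string fields in to_string() first, as the action_boot_time example does.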