Abstract
Learn more about the Cortex Query Language format_string()
function.
Syntax
format_string("<format string>", <field_1>, <field_2>,...<field_n> )
Description
The format_string()
function returns a string from a format string that contains zero or more format specifiers, along with a variable length list of additional arguments that matches the format specifiers. A format specifier is initiated by the % symbol, and must map to one or more of the remaining arguments. Usually, this is a one-to-one mapping, except when the * specifier is used.
Examples
STRING
dataset = xdr_data | alter stylished_action_category_appID = format_string("-%s-", action_category_of_app_id ) | fields stylished_action_category_appID | limit 100
Simple integer
dataset = xdr_data | filter action_remote_ip_int != null | alter simple_int = format_string("%d", action_remote_ip_int) | fields simple_int | limit 100
Integer with left blank padding
dataset = xdr_data | filter action_remote_ip_int != null | alter int_with_left_blank = format_string("|%100d|", action_remote_ip_int) | fields int_with_left_blank | limit 100
Integer with left zero padding
dataset = xdr_data | filter action_remote_ip_int != null | alter int_with_left_zero_padding = format_string("+%0100d+", action_remote_ip_int) | fields int_with_left_zero_padding | limit 100