Abstract
Learn more about the Cortex Query Language split() function that splits a string and returns an array of string parts.
Syntax
split (<value> [, <string_delimiter>])
Description
The split() function splits a string using an optional delimiter, and returns the resulting substrings in an array. If no delimiter is specified, a space (' ') is used.
Examples
Split IP addresses into an array, each element of the array containing an IP octet.
dataset = xdr_data
| fields action_local_ip as alii
| alter ip_octets = split(alii, ".")
| limit 10