add - Reference Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR XQL Language Reference

Product
Cortex XDR
Creation date
2023-10-31
Last date published
2024-03-27
Category
Reference Guide
Abstract

Learn more about the Cortex Query Language add() function that adds two integers.

Syntax

add (<string> | <integer>, <string> | <integer>)

Description

The add() function adds two positive integers. Parameters can be either integer literals, or integers as a string type, such as might be contained in a data field.

Example

dataset = xdr_data 
| alter mynum = add(action_file_size, 3) 
| fields action_file_size, mynum 
| filter action_file_size > 0 
| limit 1