count - Reference Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR XQL Language Reference

Product
Cortex XDR
Creation date
2024-07-16
Last date published
2024-10-06
Category
Reference Guide
Abstract

Learn more about the Cortex Query Language count function used with both comp and windowcomp stages.

Syntax

Description

The count() function is used to return a single count for the number of rows either for a field over a group of rows, where only the number of non-null values found are returned, or without a field to count the number of rows, including null values. The function syntax and application is based on the preceding stage:

Examples