Abstract
Learn more about the functions that can be used with Cortex Query Language (XQL) stages in Cortex XSIAM.
Some Cortex Query Language (XQL) stages can call XQL functions to convert the data to a desired format. For example, the current_time() function returns the current timestamp, while the extract_time() function can obtain the hour information in the timestamp. Functions may or may not need input parameters. The filter and alter stages are the two stages that can use functions for data transformations.