add - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

Learn more about the Cortex Query Language add() function that adds two integers.

Syntax
add (<string> | <integer>, <string> | <integer>)
Description

The add() function adds two positive integers. Parameters can be either integer literals, or integers as a string type, such as might be contained in a data field.

Example
dataset = xdr_data 
| alter mynum = add(action_file_size, 3) 
| fields action_file_size, mynum 
| filter action_file_size > 0 
| limit 1