object_create - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

Learn more about the Cortex Query Language object_create() function.

Syntax
object_create ("<key1>", "<value1>", "<key2>", "<value2>",...)
Description

The object_create() function returns an object based on the given parameters defined for the key and value pairs. Accepts n > 1 even number of parameters.

Example

Returns a final object to a field called a that contains the key and value pair {“2”:“password”}, where the "password" value is comprised by joining 2 values together.

dataset = xdr_data
| alter a = object_create("2", concat("pass", "word"))
| fields a