Abstract
Learn more about the Cortex Query Language subtract()
function that subtracts two integers.
Syntax
subtract (<string1> | <integer1>, <string2> | <integer2>)
Description
The subtract()
function subtracts two positive integers by subtracting the second argument from the first argument. Parameters may be either integer literals, or integers as a string type such as might be contained in a data field.
Example
dataset = xdr_data | alter mynum = subtract(action_file_size, 3) | fields action_file_size, mynum | filter action_file_size > 3 | limit 1