Abstract
Learn more about the Cortex Query Language split() function that splits a string and returns an array of string parts.
Syntax
split (<value> [, <string_delimiter>])Description
The split() function splits a string using an optional delimiter, and returns the resulting substrings in an array. If no delimiter is specified, a space (' ') is used.
Examples
Split IP addresses into an array, each element of the array containing an IP octet.
dataset = xdr_data | fields action_local_ip as alii | alter ip_octets = split(alii, ".") | limit 10