to_float - Reference Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM XQL Language Reference

Product
Cortex XSIAM
Creation date
2023-10-30
Last date published
2024-03-27
Category
Reference Guide
Abstract

Learn more about the Cortex Query Language to_float() function that converts a string to a floating point number.

Syntax

to_float(<string>)

Description

The to_float() function converts a string that represents a number to a floating point number.

Examples

Display the first 10 IP addresses that begin with a value greater than 192. Use the split function to split the IP address by '.', and then use the arrayindex function to retrieve the first value in the resulting array. Convert this to a number and perform an arithmetic compare to arrive at a result set.

dataset = xdr_data 
| fields action_local_ip  as alii 
| filter to_float(arrayindex(split(alii, "."),0))  > 192 
| limit 10