trim - Reference Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM XQL Language Reference
Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-16
Category
Reference Guide
Abstract

Learn more about the Cortex Query Language trim() function that removes spaces or characters from the beginning or end of a string.

Syntax

trim (<string>,[trim_characters])
rtrim (<string>,[trim_characters])
ltrim (<string>,[trim_characters])

Description

The trim() function removes specified characters from the beginning and end of a string. The rtrim() removes specific characters from the end of a string. The ltrim() function removes specific characters from the beginning of a string.

If you do not specify trim characters, then whitespace (spaces and tabs) are removed.

Examples

Remove '.exe' from the end of the action_process_image_name field value.

dataset = xdr_data 
| fields action_process_image_name as apin 
| filter apin != null 
| alter remove_exe_process = rtrim(apin, ".exe") 
| limit 10

See also the replace function example.