tostring

The tostring function is used in an eval operation to convert fields into string values. The input for tostring can be string values, numbers, integers, double point, float, IP/MAC address, and dates. All of these inputs must come from a field in the ArcSight Database.

• Syntax
• Parameters
• How Do I Use This?

Syntax

search_criteria [pipe_operator]* eval alias_name = tostring (one_field) [pipe_operator]*]*

where:

• search_criteria represents the criteria being tested in the query.

• pipe_operator represents the pipe operation for the query.

• alias_name represents the field to be converted to a string value.

Parameters

The function only accepts one parameter. More than that will cause an error. The parameter can be a field that represents a string, number, IP address, MAC address, and date. If the parameter is null, it returns a null input.

How Do I Use This?

Here are examples of queries using tostring:

... | eval testString = tostring(Name)

Name not equal null | eval testNumber = tostring(AgentSeverity)

... | eval testmac = tostring(Agent Mac Address)

... | eval testData = tostring(Device Receipt Time)

Agent Address not equal null | eval testIp = tostring(Agent Address)

 

For information about other operators, functions, and syntax requirements, see Use an Operator in the Query.