> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/ko/pantherflow/operators/extend.md). # Extend 연산자 ## 개요 다음으로 새 계산 필드를 추가합니다 `확장`. ```kusto | extend =[, ...] ``` ## 예시 {% hint style="info" %} 예제 데이터 ```kusto let aws_alb = datatable [ {"type": "https", "p_event_time": "2023-09-16 05:59:04.058", "sentBytes": 167}, {"type": "https", "p_event_time": "2023-09-16 05:45:34.863", "sentBytes": 329}, {"type": "https", "p_event_time": "2023-09-16 05:36:09.017", "sentBytes": 167}, {"type": "https", "p_event_time": "2023-09-16 05:27:39.177", "sentBytes": 468992} ]; ``` {% endhint %} ### 새 필드 추가 아래 쿼리는 필드 `sentKB`를 값 `sentBytes` 를 `1024`: ```kusto aws_alb | extend sentKB = sentBytes / 1024 ``` | 이벤트 | | ---------------------------------------------------------------------------------------------------------- | | `{ "p_event_time": "2023-09-16 05:59:04.058", "sentBytes": 167, "sentKB": 0.1630859375, "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:45:34.863", "sentBytes": 329, "sentKB": 0.3212890625, "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:36:09.017", "sentBytes": 167, "sentKB": 0.1630859375, "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:27:39.177", "sentBytes": 468992, "sentKB": 458, "type": "https" }` | ### 여러 개의 새 필드 추가 아래 쿼리는 쉼표로 구분된 여러 필드를 추가합니다: ```kusto aws_alb | extend sentKB = sentBytes / 1024, sentMB = sentKB / 1024 ``` | 이벤트 | | ------------------------------------------------------------------------------------------------------------------------------------------- | | `{ "p_event_time": "2023-09-16 05:59:04.058", "sentBytes": 167, "sentKB": 0.1630859375, "sentMB": 0.0001592636108398438, "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:45:34.863", "sentBytes": 329, "sentKB": 0.3212890625, "sentMB": 0.0003137588500976562, "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:36:09.017", "sentBytes": 167, "sentKB": 0.1630859375, "sentMB": 0.0001592636108398438, "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:27:39.177", "sentBytes": 468992, "sentKB": 458, "sentMB": 0.447265625, "type": "https" }` | ### 이후 표현식에서 추가된 필드 참조 추가된 필드는 이후 쿼리 표현식에서 참조할 수 있으며, 예를 들어 다음의 [`where`](/ko/pantherflow/operators/where.md) 연산자: ```kusto aws_alb | extend sentKB = sentBytes / 1024 | where sentKB > 2 ``` | 이벤트 | | ---------------------------------------------------------------------------------------------------- | | `{ "p_event_time": "2023-09-16 05:27:39.177", "sentBytes": 468992, "sentKB": 458, "type": "https" }` | ### 필드 제거 필드도 다음을 사용하여 제거할 수 있습니다 `확장` 다음으로 설정하여 `null`: ```kusto aws_alb | extend sentBytes = null ``` | 이벤트 | | ---------------------------------------------------------------- | | `{ "p_event_time": "2023-09-16 05:59:04.058", "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:45:34.863", "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:36:09.017", "type": "https" }` | | `{ "p_event_time": "2023-09-16 05:27:39.177", "type": "https" }` | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/ko/pantherflow/operators/extend.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.