PantherFlow Expressions
Use these expressions in your PantherFlow query statements
Last updated
Was this helpful?
Use these expressions in your PantherFlow query statements
Last updated
Was this helpful?
Was this helpful?
array[X]
Retrieve value at X
foo[1]
object['X']
Retrieve value at X
foo['bar']
object.X
Retrieve value at X
foo.bar
==
Equality
A == B
!=
Inequality
A != B
and
Logical and
A and B
or
Logical or
A or B
not
Logical not
not A
<
Less than
A < B
<=
Less than or equal to
A <= B
>
Greater than
A > B
>=
Greater than or equal to
A >= B
+
Add
A + B
-
Subtract
A - B
*
Multiply
A * B
/
Divide
A / B
%
Modulo
A % B
in
Value is in array
X in [X, Y, Z], '10.10.10.100' in p_any_ip_addresses
not in
Value is not in array
X not in [A, B, C]
between
Value is between two values (inclusive), which are separated by ..
<foo> between <begin> .. <end>
not between
Value is not between two values (exclusive), which are separated by ..
<foo> not between <begin> .. <end>
An anonymous function, or "lambda function," is an unnamed function that can be used as an argument to the arrays.map() and arrays.filter() functions. Anonymous functions have zero or more parameters and a body that is an expression:
fn ([arg1] [, arg2...]]) { <expr> }arrays.map()In the example below, the anonymous function is applied to each of the elements in the array provided as the first argument to arrays.map():
arrays.map([1, 2, 3], fn (r) { r + 1 })After arrays.map() applies the function on each element, the array becomes:
[2, 3, 4]arrays.filter()In the example below, arrays.filter() uses the anonymous function as the filter condition:
arrays.filter([null, 5, null, 6], fn (elem) { elem != null })After arrays.filter() filters the list using the anonymous function, it becomes:
[5, 6]It's possible to nest anonymous functions, or use an anonymous function in the body of another anonymous function. This can be useful for extracting arrays within arrays:
let source = datatable [{
"results": [
{
"cats": [
{
"Name": "Whiskers",
"Breed": "Siamese",
"FurLength": "Short",
"ID": "AAAAA"
},
{
"Name": "Mittens",
"Breed": "Maine Coon",
"FurLength": "Long",
"ID": "BBBBB"
}
]
},
{
"cats": [
{
"Name": "Mr. Meow",
"Breed": "Orange Tabby",
"FurLength": "Short",
"ID": "CCCCC"
},
{
"Name": "Mrs. Meow",
"Breed": "Persian",
"FurLength": "Long",
"ID": "DDDDD"
}
]
}
]
}];
source
| project results=arrays.flatten(
arrays.map(results, fn (result) {
arrays.map(result.cats, fn (cat) {
object("CatName", cat.Name, "ID", cat.ID)
})
})
)[{"CatName":"Whiskers","ID":"AAAAA"},{"CatName":"Mittens","ID":"BBBBB"},{"CatName":"Mr. Meow","ID":"CCCCC"},{"CatName":"Mrs. Meow","ID":"DDDDD"}]