Union Operator
Overview
Query multiple tables with union.
Or
Union can be used to query multiple tables (including those defined by a let statement) at once or to inject data into an existing query. Table names can contain the wildcard character * to succinctly query tables with similar names, such as those with the same database or suffix.
Examples
Example data
Query multiple source tables
{ "p_event_time": "2023-09-16 05:45:34.863", "clientIp": "192.168.11.34", "type": "https" }
{ "p_event_time": "2023-09-16 05:59:04.058", "clientIp": "192.168.1.1", "type": "https" }
{ "p_event_time": "2023-09-16 05:36:09.017", "clientIp": "10.168.22.7", "type": "https" }
{ "p_event_time": "2023-09-16 05:23:30.812", "aws_region": "us-east-2", "eventName": "AssumeRole" }
Inject a table into an existing query
{ "p_event_time": "2023-09-16 05:45:34.863", "clientIp": "192.168.11.34", "type": "https" }
{ "p_event_time": "2023-09-16 05:59:04.058", "clientIp": "192.168.1.1", "type": "https" }
{ "p_event_time": "2023-09-16 05:36:09.017", "clientIp": "10.168.22.7", "type": "https" }
{ "p_event_time": "2023-09-16 05:23:30.812", "aws_region": "us-east-2", "eventName": "AssumeRole" }
Use a wildcard character to query many tables
This statement queries all tables whose names begin with the prefix panther_logs.
Last updated
Was this helpful?