dropColumns
Drop columns from a table
Remove columns from a table.
For example, if you have columns a,b,c,d,e,f,g,h,i,j,k) and want to remove columns j,k, you can easily use the following LQL query where j and k are excluded from the query.
select a, b, c, d, e, f, g, h, i from table
However, the process becomes more tedious and prone to error if the columns have long names, such as a = s3bucketAccountID, b = messageResponseTime, and so on. This operator addresses this issue.
Operator Usage in Easy Mode
- Click + on the parent node.
- Enter the Drop Columns operator in the search field and select the operator from the Results to open the operator form.
- In the Table drop-down, enter or select a table that you want to drop the columns.
- In the Column drop-down, select a column or multiple columns to remove from the table.
- Click Run to view the result.
- Click Cancel to discard the operator form.
- Click Submit to add the operator to the playbook.
Usage Details
dropColumns(table, "col1", "col2" ...)
Example
Input
| sourceIP | sourcePort | destIP | destPort |
|---|---|---|---|
| 1 | 2 | 3 | 4 |
dropColumns(table, "sourceIP") -- drop sourceIP column
dropColumns(table, "sourceIP", "sourcePort") -- drop sourceIP and sourcePort columns
Updated 6 months ago