在 KQL 中是否有“strcat_if”函数?
[英]In KQL is there an 'strcat_if' function?
问题描述
I have been working with Defender ATP, and have parsed multiple columns but due to email security I have had to parse seperated columns in the format 'potentialPhishURL' and 'potentialPhishURL_vendor', in doing so I now have two columns, where usually when the vendor has applied a shim to the URL, the standard parse fails, and so with strcat("potentialPhishURL", "potentialPhishURL_vendor") does not work as sometimes both fields are populated.
我一直在使用 Defender ATP,并解析了多个列,但由于电子邮件安全性,我不得不解析格式为“potentialPhishURL”和“potentialPhishURL_vendor”的单独列,这样做我现在有两列,通常当供应商已对 URL 应用了 shim,标准解析失败,因此 strcat("potentialPhishURL", "potentialPhishURL_vendor") 不起作用,因为有时两个字段都被填充。
When both of these columns are populated (potentialPhishURL and potentialPhishURL_vendor) they obviously merge disgustingly and not how I need it (unique values or strcat_if empty) I guess.当这两个列都被填充时(potentialPhishURL 和 potentialPhishURL_vendor),它们显然令人作呕地合并,而不是我需要它的方式(唯一值或 strcat_if 为空)我猜。
Does anyone have any experience with how this is done?有没有人对如何做到这一点有任何经验? Merging a couple of columns in KQL when one of the columns is empty on the same row?当同一行上的一列为空时,合并 KQL 中的几列?
Thanks for reading/ helping if you can!如果可以的话,感谢您的阅读/帮助!
CB CB
1 个解决方案
解决方案1
0 已采纳 2021-10-28 12:08:48
您应该使用iff()函数,例如:
iff(isempty(col2), col1, strcat(col1, col2))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.