Get Variable Array Filter

Definition

Description

If the event matches Condition, get the value of the Variable array element whose index is given by Expression and assign it to FieldName.

Comments

If the Variable or FieldName parameter is missing or invalid, the filter is disabled.

A full variable name is generated from the VariableName and VariableScope parameters.

System Variable Object Details

The "System" variable is a pre-existing, read-only variable with ECS-level scope.

It contains several fields which assume values according to the following table:

Field Name    Contained Value
hostname      Name of ECS host
hostIP        IP of ECS host
now           Current ECS host system time as string
ECSName       Name of running ECS
ECAName       Name of ECA in which variable is referenced

Example

<filter disabled="False" objectId="getArray" type="GetVariableArrayFilter">
	<parameter autoSetDescription="true" comments="Add comments for Condition..." description="Match all Events" type="Condition">
		<negatePrimaryCondition>false</negatePrimaryCondition>
		<conditionRelation>All</conditionRelation>
	</parameter>
	<parameter type="Variable">ecs0:var</parameter>
	<parameter autoSetDescription="true" comments="Add comments for Expression..." description="1" type="Expression">
		<type>String</type>
		<formatString>1</formatString>
		<formatParmSpec>
			<type>VariableArray</type>
			<name>ecs0:var1</name>
			<index type="String">idx1</index>
		</formatParmSpec>
	</parameter>
	<parameter type="FieldName">ev:arr1</parameter>
</filter>
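
Since a missing Variable or FieldName parameter disables the filter, a configuration check can flag such filters before deployment. The following is an added example, not part of the product or its documentation: the `<filters>` wrapper element, the sample input and the function names are assumptions, and only missing or empty parameters are checked, because the page does not define what makes a value invalid.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the second filter has an empty FieldName parameter.
# The <filters> wrapper is an assumption made so both filters fit in one document.
SAMPLE = """<filters>
  <filter disabled="False" objectId="getArray" type="GetVariableArrayFilter">
    <parameter type="Condition"><conditionRelation>All</conditionRelation></parameter>
    <parameter type="Variable">ecs0:var</parameter>
    <parameter type="Expression"><type>String</type><formatString>1</formatString></parameter>
    <parameter type="FieldName">ev:arr1</parameter>
  </filter>
  <filter disabled="False" objectId="getArrayBroken" type="GetVariableArrayFilter">
    <parameter type="Variable">ecs0:var</parameter>
    <parameter type="FieldName">   </parameter>
  </filter>
</filters>"""

# Parameters whose absence disables the filter, per the Comments section.
REQUIRED = ("Variable", "FieldName")


def missing_parameters(filter_el):
    """Return the required parameter types that are absent or empty."""
    missing = []
    for ptype in REQUIRED:
        params = [p for p in filter_el.findall("parameter") if p.get("type") == ptype]
        if not any((p.text or "").strip() for p in params):
            missing.append(ptype)
    return missing


def audit(xml_text):
    """Map objectId -> missing parameters for filters not explicitly disabled."""
    findings = {}
    for f in ET.fromstring(xml_text).iter("filter"):
        if f.get("type") != "GetVariableArrayFilter":
            continue
        if f.get("disabled", "False").lower() == "true":
            continue  # disabled on purpose, nothing to report
        missing = missing_parameters(f)
        if missing:
            findings[f.get("objectId")] = missing
    return findings


if __name__ == "__main__":
    for object_id, missing in audit(SAMPLE).items():
        print(f"{object_id}: would be disabled, missing {', '.join(missing)}")
```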