FAQ: How do I concatenate two fields into a new single field?

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 0 minutes

You can use concat() and select() to take two fields and put them both into a single, new field. In the following example, the fields UID and UserSid are collected and entered into a new field named userIdentifier:

logscale

#event_simpleName=ProcessRollup2
| concat([UID, UserSid], as="userIdentifier")
| select([@timestamp, aid, userIdentifier, ImageFileName])

Knowledge Base

FAQ: How do I concatenate two fields into a new single field?

Enter search term