TeachJing, your videos are so incredibly helpful. I was struggling with joins and found your channel and have been binge watching since. Thank you so much for the effort you put into these, you're helping the whole security ecosystem become stronger.
great video!! i saw all you videos the are really good !!! can i ask a question ... if i have function can i put it in the dashboard and when it's called it will pop up to insert the parameters
Can i pass a tablename as parameter in user stored function??. I am trying like. let data=(searchtable:string) { table(searchtable) |count }; make this as user stored function with searchtable parameter defined in function. and when i call the stored function..Lets say i stored it as test..then test("Heartbeat") should give count of events in Heartbeat..but gives error saying "body of the callable expression cannot be empty " any idea??
I have done this in a workbooks pretty easy because workbook parameters will pass the string into the query prior to anything being evaluated. So you actually don’t even need a let statement. In regards to directly answering your question. You gotta do a trick sorta. You see that let statement will run through a pre-check and that table is invalid since you haven’t provided a value yet before it was evaluated. It’s trying to figure out the table. You can try doing a search and filtering on the table name which might be able to take a string! I just haven’t tried that, but seems like a better way since that condition IS expecting a string. I think I have done this exactly scenario but don’t recall when. Let me know if this works for you.
TeachJing, your videos are so incredibly helpful. I was struggling with joins and found your channel and have been binge watching since. Thank you so much for the effort you put into these, you're helping the whole security ecosystem become stronger.
You are so welcome!
I just found you!!! Amazing videos. Thanks you. :)
Thank you for the kind words!
Good👍 one
great video!! i saw all you videos the are really good !!!
can i ask a question ... if i have function can i put it in the dashboard and when it's called it will pop up to insert the parameters
No. You need to provide the parameters when you call the function.
@@TeachJing thanks!
Can i pass a tablename as parameter in user stored function??.
I am trying like.
let data=(searchtable:string)
{
table(searchtable)
|count
};
make this as user stored function with searchtable parameter defined in function.
and when i call the stored function..Lets say i stored it as test..then test("Heartbeat") should give count of events in Heartbeat..but gives error saying "body of the callable expression cannot be empty " any idea??
I have done this in a workbooks pretty easy because workbook parameters will pass the string into the query prior to anything being evaluated. So you actually don’t even need a let statement.
In regards to directly answering your question. You gotta do a trick sorta. You see that let statement will run through a pre-check and that table is invalid since you haven’t provided a value yet before it was evaluated. It’s trying to figure out the table. You can try doing a search and filtering on the table name which might be able to take a string! I just haven’t tried that, but seems like a better way since that condition IS expecting a string.
I think I have done this exactly scenario but don’t recall when. Let me know if this works for you.
lol @ still using winamp :) if it ain't broke... (I also still appreciate its simplicity)
Thanks for the video, very informative.
It really kicks the llamas asss
You know Pokémon. We all know Pokémon!
Gotta catch em all