@@ -12,6 +12,7 @@ experimental::[]
1212* <<eql-fn-endswith>>
1313* <<eql-fn-length>>
1414* <<eql-fn-startswith>>
15+ * <<eql-fn-string>>
1516* <<eql-fn-substring>>
1617* <<eql-fn-wildcard>>
1718
@@ -337,6 +338,44 @@ field datatypes:
337338*Returns:* boolean or `null`
338339====
339340
341+ [discrete]
342+ [[eql-fn-string]]
343+ === `string`
344+
345+ Converts a value to a string.
346+
347+ [%collapsible]
348+ ====
349+ *Example*
350+ [source,eql]
351+ ----
352+ string(42) // returns "42"
353+ string(42.5) // returns "42.5"
354+ string("regsvr32.exe") // returns "regsvr32.exe"
355+ string(true) // returns "true"
356+
357+ // null handling
358+ string(null) // returns null
359+ ----
360+
361+ *Syntax*
362+ [source,txt]
363+ ----
364+ string(<value>)
365+ ----
366+
367+ *Parameters*
368+
369+ `<value>`::
370+ (Required)
371+ Value to convert to a string. If `null`, the function returns `null`.
372+ +
373+ If using a field as the argument, this parameter does not support the
374+ <<text,`text`>> field datatype.
375+
376+ *Returns:* string or `null`
377+ ====
378+
340379[discrete]
341380[[eql-fn-substring]]
342381=== `substring`
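Review bot: In the `<value>` parameter description, the sentence saying this parameter "does not support" the `text` field datatype does not state what the caller gets when a `text` field is passed, whether that is a query error or `null`. Since `null` is already a documented return value, spell out the outcome so a rule author can tell a rejected query from an empty result. The *Example* block also uses only literals (`string(42)`, `string(true)`) while the parameter text talks about fields, so add one example with a field argument, and consider showing how a whole-number float is rendered next to `string(42.5)`.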