Is there a geo lookup function for kusto? - azure-data-explorer

Is there a way in kql to convert a public IP address to a country?
Basically I'm looking for the equivalent to Splunk's iplocation function from SPL.
Thanks.

Kusto is a platform and does not hold its own dataset for ip->geo mapping.
Given you bring your own dataset - you can use ipv4/ipv6 functions to build such lookup.
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/scalarfunctions#ipv4ipv6-functions
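A bring-your-own-dataset lookup of the kind this answer describes, as an added example that is not part of the original answer. It uses the `ipv4_lookup` plugin together with `parse_ipv4()` and `ipv4_is_private()`; the table names, the sample events and the CIDR-to-country mapping are constructed for illustration (the ranges are RFC 5737 documentation networks).

```kql
// Constructed lookup table: CIDR range -> country code.
// Assumption: in practice this is a table loaded from an IP-to-country dataset you supply.
let GeoRanges = datatable(network:string, country:string)
[
    "192.0.2.0/24",     "US",
    "198.51.100.0/24",  "DE",
    "203.0.113.0/25",   "JP",
    "203.0.113.128/25", "AU"
];
// Constructed sample events (hypothetical sign-in log).
let SignIns = datatable(Timestamp:datetime, User:string, ClientIP:string)
[
    datetime(2024-01-10 08:00:00), "alice", "192.0.2.15",
    datetime(2024-01-10 08:05:00), "bob",   "198.51.100.77",
    datetime(2024-01-10 08:07:00), "carol", "203.0.113.200",
    datetime(2024-01-10 08:09:00), "dave",  "10.1.2.3",
    datetime(2024-01-10 08:11:00), "erin",  "not-an-ip"
];
SignIns
// Match each ClientIP against the CIDR ranges; keep rows that match no range.
| evaluate ipv4_lookup(GeoRanges, ClientIP, network, return_unmatched = true)
// Label the rows the dataset could not resolve instead of leaving them blank.
| extend country = case(
    isnotempty(country),            country,
    isnull(parse_ipv4(ClientIP)),   "invalid",
    ipv4_is_private(ClientIP),      "private",
                                    "unknown")
| project Timestamp, User, ClientIP, country
```

Keeping unmatched rows matters for detection work: dropping them silently hides malformed or internal addresses that often deserve a second look.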

Related

Is there a function in Kusto to anonymize a PII string?

If I have a PII string is there a function in Kusto to sort of mask it (anonymize) in such a way that it will still retain same distribution but there is no way to get back the original value?
You can use hash() or hash_sha256() functions to map text into irreversible representation.
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/sha256hashfunction
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/hashfunction
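An added example, not part of the original answer, showing `hash_sha256()` used so that equal inputs still map to equal tokens and per-value counts are preserved. A bare hash of a guessable value such as an e-mail address can be matched by hashing candidate values, so this sketch prepends a secret value before hashing (simple concatenation, not HMAC); `Pepper`, `Pseudonymize`, the table and its rows are constructed names and data.

```kql
// Assumption: the pepper is a secret held outside the query text; this literal is a placeholder.
let Pepper = "PLACEHOLDER-SECRET-PEPPER";
// Hypothetical helper: normalize case and surrounding whitespace, then hash with the pepper.
let Pseudonymize = (value:string) {
    hash_sha256(strcat(Pepper, "|", tolower(trim(@"\s+", value))))
};
// Constructed sample rows; example.com addresses are placeholders.
let Events = datatable(Email:string, Action:string)
[
    "alice@example.com",  "login",
    "Alice@Example.com ", "download",
    "bob@example.com",    "login",
    "alice@example.com",  "logout"
];
Events
| extend EmailToken = Pseudonymize(Email)
// Counts per token equal counts per normalized address, so the distribution is retained.
| summarize EventCount = count(), Actions = make_set(Action) by EmailToken
| order by EventCount desc
```

Normalizing before hashing keeps spelling variants of the same address from splitting into separate tokens.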

Teradata SQL to Extract Records Based on Approximate String Matching

We are on version TD 14 and I come from a Netezza / Postgres (Redshift) background. I have been asked to extract login data from audit logs to find records/transactions where the same IP is submitting similar-looking usernames with small changes, e.g. Samir --> Samr --> Amir etc.
To capture phishing activity.
In Postgres we have fuzzy string functions like '%', e.g. ColA % ColB (where the % operator is equivalent to Similar),
Soundex, Metaphone, levenshtein etc.
In Teradata, however, I have been able to find just Soundex. Is there any such built-in function/method capability in Teradata version 14 to achieve the above string approximation?
Teradata 14.x supports the Damerau-Levenshtein Distance algorithm via the EDITDISTANCE() function and n-gram pattern matching via the NGRAM() function.
You can find information about the EDITDISTANCE function here and the NGRAM() function here.

How can I use ORM-like queries on a Map?

I have created a slice of structs that has 3 properties
type Person struct {
    age    int
    gender string
    name   string
}
How can I pull the item from the slice which matches my criteria?
For example I would like to do
var persons []Person = mySliceOfPersons
person := getFrom(persons).Where(age ==10).Where(gender == "male")
The purpose here is to keep the data in memory, and not be restricted by IO. (I'm expecting thousands of calls per second). I am new to Go and I am not sure where to find a package that does this. The data comes from JSON and not a database so I don't think I can use the sql package.
This solution IS a database, but you can embed it into your application for use rather than relying on an outside db: https://github.com/HouzuoGuo/tiedot
Another possibility is an approach like this one, which uses the sql package against local flat files, which could potentially be adapted to run against map?: https://github.com/dinedal/textql

SOA SUITE 11g - Business Rules - Compare Dates/DateTime

Good morning.
I have a problem with using business rules to compare dates.
I want to compare an input date vs the current date.
The input message (in this case the date that I want to compare) is a fieldname/fieldvalue structure.
Example of the input:
<fiel:field>
<fiel:fieldName>mydate</fiel:fieldName>
<fiel:fieldValue>1998-01-13T10:34:39.018</fiel:fieldValue>
</fiel:field>
I want to compare this fieldValue with the current date, and define the output message based on the result.
My JDeveloper is version 11.1.1.4.
I tried to define a function to do this, but I was not very successful.
Any help?
Thank you!
I would suggest looking at the XPath date functions and string functions to do date and string manipulation to get your payloads in the format you want them.

Common table expression functionality in SQLite

I need to apply two successive aggregate functions to a dataset (the sum of a series of averages), something that is easily and routinely done with common table expressions in SQL Server or another DBMS that supports CTEs. Unfortunately, I am currently stuck with SQLite which does not support CTEs. Is there an alternative or workaround for achieving the same result in SQLite without performing two queries and rolling up the results in code?
To add a few more details, I don't think it could be easily done with views because the first set of aggregate values need to be retrieved based on a WHERE clause with several parameters. E.g.,
SELECT avg(elapsedTime)
FROM statisticsTable
WHERE connectionId in ([lots of values]) AND
updateTime > [startTime] AND
updateTime < [endTime]
GROUP BY connectionId
And then I need the sum of those averages.
Now that we are in THE FUTURE, let me note here that SQLite now does support Common Table Expressions, as of version 3.8.3 of 2014-02-03.
http://www.sqlite.org/lang_with.html
Would this work?
SELECT SUM(t.time) as sum_of_series_of_averages
FROM
(
    SELECT avg(elapsedTime) as time
    FROM statisticsTable
    WHERE connectionId in ([lots of values]) AND
          updateTime > [startTime] AND
          updateTime < [endTime]
    GROUP BY connectionId
) as t
By converting your averages into an inline view, you can SUM() the averages.
Is this what you are looking for?
As you've mentioned, SQLite doesn't support CTEs, window functions, or any of the like.
You can, however, write your own user functions that you can call inside SQLite by registering them to the database with the SQLite API using sqlite_create_function(). You register them with the database, and then you can use them in your own application code. You can make an aggregate function that would perform the sum of a series of averages based on the individual column values. For each value, a step-type callback function is called that allows you to perform some calculation on the data, and a pointer for holding state data is also available.
In your SQL, then, you could register a custom function called sum_of_series_of_averages and have:
SELECT sum_of_series_of_averages(columnA,columnB)
FROM table
WHERE ...
For some good examples on how those work, you should check out the SQLite source code, and also check out this tutorial (search for Defining SQLite User Functions).
