Forum Discussion
Sentinel query KQL with variables
Hello!
I need to use variables as parameters of functions in Sentinel Logs. I have:
let t = "Syslog";
let name = "my-Sentinel";
let id = "abc123";
Well, if do this, it works fine:
table("Syslog")
table(t)
workspace("my-Sentinel").table("Syslog")
workspace("my-Sentinel").Syslog
But i need to work this:
worskpace(name).table(t)
or
let x=strcat("workspace('", name, "')");
let y=strcat("table('", t, "')");
x.y
In general seems that the function workspace() doesent work with a variable as parameter, but the function table() if alone it works:
workspace("my-Sentinel") -> YES
workspace(n) -> NO
table("Syslog") -> OK
table(t) -> OK
Any idea how to make it works? In particulary to do this: workspace(name).table(t)
Thanks!!!
- You are correct when you say: ...the function workspace() doesent work with a variable
