Easiest way to map fields in a single row to a dict?
68 views
Skip to first unread message
Mario DeTore
Oct 22, 2021, 9:08:02 AM10/22/21
to velociraptor-discuss
Hello everyone,
Let's say I have a "table" with the columns "a","b","c","d" and "foo". The first row contains 1,2,3,4,foo. How would I construct this dict using VQL if the column names aren't known?:
dict(
dict(
a="1",
b="2",
c="3",
d="4",
foo="bar"
)
Thanks,
Mario
Mike Cohen
Oct 22, 2021, 9:22:03 AM10/22/21
to Mario DeTore, velociraptor-discuss
Hi Mario,
You can use the items() plugin to automatically present each row as a dict - without really knowing the columns. Here is an example of converting a pslist
This works because a query is really an array of rows and rows are just dicts. When the items() plugin gets a list, it will treat the list index as the key (lists index is 0, 1, 2, 3, etc) and then the element gets the _value column - in this case the value is just the row.
Similarly if you give the items() plugin a dict, it will iterate over the key as _key and dict values as _value.
Thanks
Mike
--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/a8bef727-27a5-49f6-9750-7aa56ace4b47n%40googlegroups.com.
Mario DeTore
Oct 22, 2021, 6:12:15 PM10/22/21
to Mike Cohen, velociraptor-discuss
Thanks Mike, your response got me pointed in the right direction. Here's what I came up with that satisfies the requirement:
Click here to report this email as spam.
Reply all
Reply to author
Forward
0 new messages