evtctxsetvar()

Sets a user variable in an event context. Returns true if the variable is set successfully, or false if it fails.

Syntax

evtctxsetvar(TOPIC, KEY, VAR_NAME, VALUE[, HOST])

Parameters

TOPIC
The topic name of the event context. String.
KEY
The key value of the event context. String.
VAR_NAME
The name of the variable to set. String.
VALUE
The value to store in the variable.
HOST
(Optional) The hostname to which the event context belongs. If omitted, the default host is searched.

Description

The function identifies the event context using TOPIC and KEY, then stores VALUE under the name VAR_NAME. Returns true (boolean) on success.

If TOPIC or KEY is null, false is returned. If VAR_NAME is null, false is returned. If VALUE is null, the variable is set with a null value.

Variables set with this function can be retrieved using the evtctxgetvar() function.

Error codes

Error codeDescription
invalid-evtctxsetvar-argumentsThe number of arguments is not 4 or 5.

Usage examples

  1. Set the last_ip variable in the event context for each user in the login_fail topic

    evtctx topic=login_fail key=src_user
| eval ok = evtctxsetvar("login_fail", src_user, "last_ip", src_ip)

  2. Set a variable and then retrieve it with evtctxgetvar()

    evtctx topic=login_fail key=src_user
| eval ok      = evtctxsetvar("login_fail", src_user, "score", risk_score)
| eval stored  = evtctxgetvar("login_fail", src_user, "score")

  3. TOPIC is null

    evtctx topic=login_fail key=src_user
| eval ok = evtctxsetvar(null, src_user, "last_ip", src_ip)
| # ok: false

Compatibility

evtctxsetvar() has been available since before Sonar 4.0.