通过

graph-to-table 运算符

  • 项目

适用于:✅Azure 数据资源管理器Azure MonitorMicrosoft Sentinel

graph-to-table 运算符将图形中的节点或边导出到表。

注意

此运算符与 make-graph 运算符结合使用。

语法

Nodes

G | graph-to-table nodes [ with_node_id=ColumnName ]

边缘

G | graph-to-table edges [ with_source_id=ColumnName ] [ with_target_id=ColumnName ] [ as TableName ]

节点和边

G | graph-to-table nodes as NodesTableName [ with_node_id=ColumnName ], edges as EdgesTableName [ with_source_id=ColumnName ] [ with_target_id=ColumnName ]

参数

客户 类型​​ 必需 说明
G string ✔️ 输入图源。
NodesTableName string 导出的节点表的名称。
EdgesTableName string 导出的边表的名称。
ColumnName string 导出具有给定列名的节点哈希 ID、源节点哈希 ID 或目标节点哈希 ID。

返回

Nodes

graph-to-table 运算符返回表格结果,其中每一行对应于源图中的一个节点。 返回的列是节点的属性。 提供 with_node_id 时,节点哈希列的类型为 long

边缘

graph-to-table 运算符返回表格结果,其中每一行对应于源图中的一个边。 返回的列是节点的属性。 提供 with_source_idwith_target_id 时,节点哈希列的类型为 long

节点和边

graph-to-table 运算符返回两个表格结果,与前面的说明匹配。

示例

以下示例使用 make-graph 运算符从边和节点表生成图形。 节点表示人员和系统,边表示节点之间的不同关系。 然后,每个示例显示了 graph-to-table 的不同用法。

获取边

在此示例中,graph-to-table 运算符将图形中的边导出到表。 with_source_idwith_target_id 参数导出每个边的源节点和目标节点的节点哈希。

let nodes = datatable(name:string, type:string, age:long) 
[ 
	"Alice", "Person", 23,  
	"Bob", "Person", 31,  
	"Eve", "Person", 17,  
	"Mallory", "Person", 29,  
	"Trent", "System", 99 
]; 
let edges = datatable(source:string, destination:string, edge_type:string) 
[ 
	"Alice", "Bob", "communicatesWith",  
	"Alice", "Trent", "trusts",  
	"Bob", "Trent", "hasPermission",  
	"Eve", "Alice", "attacks",  
	"Mallory", "Alice", "attacks",  
	"Mallory", "Bob", "attacks"  
]; 
edges 
| make-graph source --> destination with nodes on name
| graph-to-table edges with_source_id=SourceId with_target_id=TargetId

输出

SourceId TargetId target destination edge_type
-3122868243544336885 -7133945255344544237 Alice Bob communicatesWith
-3122868243544336885 2533909231875758225 Alice Trent 信托
-7133945255344544237 2533909231875758225 Bob Trent hasPermission
4363395278938690453 -3122868243544336885 Eve Alice attacks
3855580634910899594 -3122868243544336885 Mallory Alice attacks
3855580634910899594 -7133945255344544237 Mallory Bob attacks

获取节点

在此示例中,graph-to-table 运算符将图形中的节点导出到表。 with_node_id 参数导出节点哈希。

let nodes = datatable(name:string, type:string, age:long) 
[ 
	"Alice", "Person", 23,  
	"Bob", "Person", 31,  
	"Eve", "Person", 17,
	"Trent", "System", 99
]; 
let edges = datatable(source:string, destination:string, edge_type:string) 
[ 
	"Alice", "Bob", "communicatesWith",  
	"Alice", "Trent", "trusts",  
	"Bob", "Trent", "hasPermission",  
	"Eve", "Alice", "attacks",  
	"Mallory", "Alice", "attacks",  
	"Mallory", "Bob", "attacks"
]; 
edges 
| make-graph source --> destination with nodes on name
| graph-to-table nodes with_node_id=NodeId

输出

NodeId name type age
-3122868243544336885 Alice 人员 23
-7133945255344544237 Bob 人员 31
4363395278938690453 Eve 人员 17
2533909231875758225 Trent 系统 99
3855580634910899594 Mallory

获取节点和边

在此示例中,graph-to-table 运算符将图形中的节点和边导出到表。

let nodes = datatable(name:string, type:string, age:long) 
[ 
	"Alice", "Person", 23,  
	"Bob", "Person", 31,  
	"Eve", "Person", 17,
	"Trent", "System", 99
]; 
let edges = datatable(source:string, destination:string, edge_type:string) 
[ 
	"Alice", "Bob", "communicatesWith",  
	"Alice", "Trent", "trusts",  
	"Bob", "Trent", "hasPermission",  
	"Eve", "Alice", "attacks",  
	"Mallory", "Alice", "attacks",  
	"Mallory", "Bob", "attacks"
]; 
edges 
| make-graph source --> destination with nodes on name
| graph-to-table nodes as N with_node_id=NodeId, edges as E with_source_id=SourceId;
N; 
E

输出表 1

NodeId name type age
-3122868243544336885 Alice 人员 23
-7133945255344544237 Bob 人员 31
4363395278938690453 Eve 人员 17
2533909231875758225 Trent 系统 99
3855580634910899594 Mallory

输出表 2

SourceId target destination edge_type
-3122868243544336885 Alice Bob communicatesWith
-3122868243544336885 Alice Trent 信托
-7133945255344544237 Bob Trent hasPermission
4363395278938690453 Eve Alice attacks
3855580634910899594 Mallory Alice attacks
3855580634910899594 Mallory Bob attacks

相关内容