`createtable`

Use the createtable command to tabulate one or more fields from link command results.

Syntax:

createtable name = <name> [limit = <limit>] select <field_selects> [, <field_selects>]*

Parameters

The following table lists the parameters used in this command, along with their descriptions.

Parameter	Description
`name`	Table display name
`limit`	Maximum number of rows for the table. Defaults to 500, which is the maximum limit.
`field_selects`	Syntax: `<output_fields> [from <table>]` `output_fields`: Syntax: `<field_name> [as <new_name>] \| <literal(name)> [as <new_name>]` `field_name`: The field to return in the result `name`: Return the value enclosed in the `literal()` function as is. This is useful if you want to use a string literal, but the query also has a field with the same name. `table`: Select fields from `sequence` command table instead of `link` command results.

The following command joins the link command result with sequence command result:

* | link Entity
  | sequence name = 'Security Event' span = 5min [ 'Security Result' = failure ]{5,} then [ 'Security Result' = success ]{1,} select 'Source IP Address'
  | createtable name = Events select Entity, literal(High) as 'Risk Level' select 'Start Time', Count from 'Security Event'

The following command summarizes the eventstats command result:

* | link Entity, Severity
  | eventstats avg('Content Size') as 'Avg Content Size' by Severity
  | createtable name = 'Size By Severity' select Severity, 'Avg Content Size'

Oracle Cloud Infrastructure Documentation

createtable

`createtable`