Query language for filtering events

The event filtering query language supports the following functions and operators:

• Functions: in.
• Comparison operators for String or Boolean values:
  • ==
  • !=
• Comparison operators for numbers and variables:
  • AND
  • OR
  • NOT
  • ==
  • !=
  • >
  • >=
  • <
  • <=

You can view the list of fields by which you can filter events in the Fields for filtering events section.

If you want to receive information about events of different types, you must create a separate request for each type of event.

EventType=='threatdetect' OR EventType=='threatprocessingresult'

Numerical and string constants are supported. String constants must be enclosed in single quotation marks: 'example'. Wildcards * and ? are supported for string constants. If you do not want to use these characters as wildcards, you must escape them: \*, \?. Also, in string constants, you must escape special characters.

Page top