Using logical expressions

You can use logical expressions to limit the query results for the following commands:

You can specify multiple filters by combining them with the logical AND (written as and). Enclose the entire logical expression in quotation marks.

Syntax

"<field> <logical operator> '<value>'"

"<field> <logical operator> '<value>' and <field> <logical operator> '<value>'"

Logical operator description

Logical operator    Description

>                   Greater than
<                   Less than
like                Matches the specified value (when specifying the value, you can use the % mask; see the example below)
==                  Equal to
!=                  Not equal to
>=                  Greater than or equal to
<=                  Less than or equal to

Examples:

Get information about files in the Storage that have the High severity level:

kesl-control -B --query "DangerLevel == 'High'"

Get information about events that contain the text "etc" in the FileName field:

kesl-control -E --query "FileName like '%etc%'"

Get events of the ThreatDetected type:

kesl-control -E --query "EventType == 'ThreatDetected'"

Get events of the ThreatDetected type generated by the ODS tasks:

kesl-control -E --query "EventType == 'ThreatDetected' and TaskType == 'ODS'"

Get events generated after a date specified as a UNIX time stamp (the number of seconds that have elapsed since 00:00:00 (UTC), 1 January 1970):

kesl-control -E --query "Date > '1583425000'"
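
When a filter is assembled in a script rather than typed by hand, the operator set, the single-quoted values, the and combination and the UNIX-time Date value can be checked before kesl-control is called. The shell functions below are an added example, not part of the application or its documentation; the function names are hypothetical, and the field-name check and the rejection of values containing a single quote are assumptions, since this page describes no escaping rule.

```shell
# Added example: compose kesl-control --query filters from script variables.
# Function names are hypothetical; field names and values come from the
# examples on this page.

# kesl_clause FIELD OPERATOR VALUE  ->  prints: FIELD OPERATOR 'VALUE'
kesl_clause() {
    case $2 in
        '>'|'<'|like|'=='|'!='|'>='|'<=') ;;   # operators listed in the table
        *) echo "unsupported operator: $2" >&2; return 1 ;;
    esac
    # Assumption: field names consist of letters, digits and underscores.
    case $1 in
        ''|*[!A-Za-z0-9_]*) echo "bad field name: $1" >&2; return 1 ;;
    esac
    # Values are delimited by single quotes. No escaping rule is documented
    # here, so a value containing one is rejected (assumption).
    case $3 in
        *\'*) echo "value contains a single quote: $3" >&2; return 1 ;;
    esac
    printf "%s %s '%s'" "$1" "$2" "$3"
}

# kesl_query CLAUSE...  ->  joins the clauses with the logical "and"
kesl_query() {
    _q=
    for _c in "$@"; do
        _q=${_q:+$_q and }$_c
    done
    printf '%s' "$_q"
}

# ods_threats_since EPOCH  ->  ThreatDetected events from ODS tasks after EPOCH
ods_threats_since() {
    case $1 in
        ''|*[!0-9]*) echo "Date must be UNIX time in seconds: $1" >&2; return 1 ;;
    esac
    _a=$(kesl_clause EventType '==' ThreatDetected) || return 1
    _b=$(kesl_clause TaskType '==' ODS) || return 1
    _d=$(kesl_clause Date '>' "$1") || return 1
    kesl_query "$_a" "$_b" "$_d"
}

# Usage on a host with the application installed (GNU date assumed):
#   kesl-control -E --query "$(ods_threats_since "$(date -d '24 hours ago' +%s)")"
```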
