Using filters to limit query results

You can use a filter to limit the query results for the following commands:

Getting information about application events:
kesl-control -E --query "<logical expression>"
Displaying information about the objects in the Storage:
kesl-control -B --query "<logical expression>"
Removing the selected objects from the Storage:
kesl-control -B --mass-remove --query "<logical expression>"

You can use multiple logical expressions to specify a filter by combining them using the AND operator. Logical expressions must be enclosed in quotation marks.

Syntax

"<field> <comparison operator> '<value>'"

"<field> <comparison operator> '<value>' and <field> <comparison operator> '<value>'"

Comparison operator

Comparison operator	Description
`>`	Greater than
`<`	Less than
`like`	Matches the specified value (when specifying the value, you can use masks %, see the example below)
`==`	Equal to
`!=`	Not equal to
`>=`	Greater than or equal to
`<=`	Less than or equal to

Examples:

Get information about files in the Storage that have the High severity level:

kesl-control -B --query "DangerLevel == 'High'"

Get information about events that contain the text "etc" in the FileName field:

kesl-control -E --query "FileName like '%etc%'"

Get events of the ThreatDetected type:

kesl-control -E --query "EventType == 'ThreatDetected'"

Output ThreatDetected events generated by ODS tasks:

kesl-control -E --query "EventType == 'ThreatDetected' and TaskType == 'ODS'"

Get events generated after the date specified in the UNIX™ time stamp system (the number of seconds that have elapsed since 00:00:00 (UTC), 1 January 1970):

kesl-control -E --query "Date > '1583425000'"

Get events generated after the date specified in YYYY-MM-DD hh:mm:ss format:

kesl-control -E --query "Date > '2022-12-22 18:52:45'"

Page top