Using logical expressions
January 20, 2022
ID 199522
You can use logical expressions to limit the query results for the following commands:
- To get information about Kaspersky Endpoint Security events:
kesl-control -E --query "<logical expression>" - To get information about files in the Storage:
kesl-control-B --query "<logical expression>" - To remove selected objects from the Storage:
kesl-control-B --mass-remove --query "<logical expression>"
You can specify multiple filters by combining them by using the logical AND. Enclose the logical expression in quotation marks.
Syntax
"<field> <logical operator> '<value>'"
"<field> <logical operator> '<value>' and <field> <logical operator> '<value>'"
Logical operator description
Logical operator | Description | |
|---|---|---|
> | Greater than | |
< | Less than | |
like | Matches the specified value (when specifying the value, you can use masks %, see the example below) | |
== | Equal to | |
!= | Not equal to | |
>= | Greater than or equal to | |
<= | Less than or equal to | |
Example: Get information about files in the Storage that have the High severity level:
Get information about events that contain the text "etc" in the FileName field:
Get events of the ThreatDetected type:
Get events of the ThreatDetected type generated by the ODS tasks:
Get events generated after the date specified in the UNIX time stamp system (the number of seconds that have elapsed since 00:00:00 (UTC), 1 January 1970):
| ||
