Cmd CQL (Command Query Language) defines your reports, triggers, and searches on the sessions page. This glossary lists the CQL properties available throughout the web app, as well as several important notes on usage.
CQL usage — syntax and best practices:
- Cmd CQL values are only listed in the web interfaces where they are available for a particular query type (e.g., session trigger queries and searches of unresolved alerts have different vocabularies).
- Do not attempt to escape characters using the backslash, e.g., \*. Instead, escape characters with square brackets, e.g., [*].
- Cmd CQL provides a number of ways to match characters. We recommend you learn the syntax.
- The trigger best practices guide teaches some fundamental design principles to keep in mind when building triggers.
Searchable PDF version
View the downloadable, searchable version of this glossary.
Table of contents
This page contains glossaries of:
- Boolean operators
- CQL operators
- Command queries
- Session queries
- Server queries
- Trigger queries
- File queries
Boolean operators
You can create complex queries by joining CQL values together using Boolean search operators. For example:
(cmd_user_typed = 'true' and cmd = 'clear') and (cmd_hour_of_day < '8:00' or cmd_day_of_week IN 'saturday,sunday')
This example command trigger query would cause the trigger to fire when (a user manually typed a command and the command was "clear") and (the command was executed either before 8am or any time on a Saturday/Sunday).
The Boolean operators available for constructing queries:
CQL operators
The CQL operators available for constructing queries: