Overview
Introduced in v9.2.0
DQL (DNIF Query Language) is a powerful yet simple query language for analyzing data. It is designed to retrieve specific information using simple queries. A large, complex, and messy data set can be analyzed with queries that describe "what" should be accomplished rather than "how"; that is, you write a query stating what you want, not how it should be calculated.
The DNIF query language lets you use pipe (|) syntax to explore, discover, and query data stored in DNIF. The syntax consists of commands delimited by the pipe character (|), where data flows from left to right through each pipeline.
For operations on data, DQL has many built-in functions, such as count_distinct, sum, min, max, avg, percentage_of, ratio_of, count_if, length, and distinct. In this article, we will learn about DQL functions with examples.
DQL can be used to match events, stack data, build aggregations, and perform analysis. It can be used to accomplish the following:
- Search and process data using workbooks
- Power up widgets in a dashboard
- Create a customized report
- Raise a signal (alert) and track
- Hunt for threats without structure