Query by source name
The DNIF Query Language supports querying by source name. Data from a specific source is written to one or more streams, and when you query by source name, all streams associated with that source are included in the query.
Syntax
The syntax for querying by source name is as follows:
sourcename = source_name
Here, sourcename is the standard DQL keyword that selects data by source, and source_name is the name of the source from which the data will be retrieved. Note that only one source name can be queried at any given time. Let's now look at a practical example:
sourcename = ZSCALER
If data from ZSCALER is written into the FIREWALL, AUTHENTICATION, and THREAT streams, executing the above DQL query will retrieve all fields for each event within these three streams.
Querying by source name in DQL Block
Querying by source name in Search Block
Disclaimer:
Please note that a query by source name might return no data even though a significant data volume is shown for scanning. This can occur when the streams linked to the selected source name also contain data from other sources: the scan volume reflects every event in those streams, but only events belonging to the selected source are returned.