- KNOWLEDGE BASE
- DNIF Query Language (DQL Language)
- Query multiple streams
-
START YOUR TRIAL
-
DEVICE INTEGRATION
-
CONNECTORS
-
DATA INGESTION
-
HUNTING WITH WORKBOOKS
-
DNIF Query Language (DQL Language)
-
SECURITY MONITORING
-
OPERATIONS
-
MANAGE DASHBOARDS
-
MANAGE REPORTS
-
USER MANAGEMENT & ACCESS CONTROL
-
BILLING
-
MANAGING YOUR COMPONENTS
-
GETTING STARTED
-
INSTALLATION
-
SOLUTION DESIGN
-
AUTOMATION
-
TROUBLESHOOTING AND DEBUGGING
-
LICENSE MANAGEMENT
-
RELEASE NOTES
-
API
-
POLICIES
-
SECURITY BULLETINS
-
BEST PRACTICES
-
DNIF AI
-
DNIF LEGAL AND SECURITY COMPLIANCE
Query multiple streams
The DNIF Query Language lets you query multiple streams separated by a comma.
Syntax
The syntax for querying multiple streams is as follows:
stream = stream_name1,stream_name2, stream_name3
Here,
The keyword stream is a standard DQL keyword used to retrieve data
stream_name1, stream_name2, and stream_name3 are the names of the streams from which the data will be retrieved. These stream names are separated by commas. Let’s now look at a practical example
stream = AUTHENTICATION, FIREWALL,THREAT
The above DQL query retrieves all fields for each event in the FIREWALL, AUTHENTICATION, and THREAT streams.
Querying multiple streams in DQL Block
Querying multiple streams in Search Block