How to use the Query Builder

Query Builder is a convenient and fluent way to build multi-select and multi-faceted queries using in-depth analysis of data. It gives you access to all facets and facet statistics. Each time a clause is added to or deleted from the query expression, a real-time analysis is performed, and you immediately see the analysis of search results in the Query Builder. The Query Builder is available on every tab in a consistent manner.

In this section, we look at the different components of the Query Builder. Using the Query Builder on the events tab, you can build search queries for raw events.

Screenshot_How_to_use_the_Query_Builder.png

 

1. Topics


This is used to group facets based on a data source.

 

2. Facets


A facet is built for each key-value pair in the log event. The list of available facets is updated dynamically as you build queries.

 

3. Values


For every facet, the value distribution is shown to the user using all the values. This distribution is updated dynamically as you build queries. You can use the sorting options to sort all values by frequency or alphabetically.

Screensot_Sorting_Values.png

 

4. Current Query


As you add or remove clauses from the query expression, the number of results updates. You also see an editable query view where, for example, you can change the clause operators to EQUAL or NOT.

Screenshot_Current_Query.png

 

5. QQL (Q-Sensei Query Language)


Currently, a read-only query expression is shown to the user; however, you may be able to edit this query expression in future versions.
