Queries
You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
In Nozomi Networks Query Language (N2QL), queries consist of:
Data sources
Queries start by calling a data source. For example:
nodes | sort received.bytes desc | headpie command at the end of the query, the results
will show in a pie chart format, where each slice has node id as
the label and the received.bytes field as data.For
example:
nodes | sort received.bytes desc | head | pie ip received.bytes
Functions
You might not achieved your desired result just using queries. Consequently, query
syntax supports functions. With functions, you can apply calculations to the fields
and use the results as a new temporary field. For example, the
query:
nodes | sort sum(sent.bytes,received.bytes) desc | column ip sum(sent.bytes,received.bytes)sum function to sort on the aggregated
parameters, which produces a chart with the columns representing the sum of the
sent and received bytes.Prefix
The $ is a prefix that changes the interpretation of the right hand
side (rhs) of a where clause. By default, the rhs is interpreted as
a string. With the $ prefix, the interpretation of the rhs changes
to a field name.
For example, in a query such
as:
nodes | where id == 17.179.252.2== is expected to be a constant. If you create a
query such
as:nodes | where id == idid equal to the string
id.If, however, you use the
$, the second field is interpreted as a
field, not a
constant:nodes | where id == $id