Nodes-specific commands reference

Syntax where_node <field> < ==|!=|<|>|<=|>=|in?|include?|exclude?|start_with?|end_with? > <value>
Parameters
  • field: the name of the field to which the operator will be applied
  • operator
  • value: the value used for the comparison. It can be a number, a string or a list (using JSON syntax); the query engine will understand the semantics.
Description The where_node command will send to the output only the items which fulfill the specified criterion. Many clauses can be concatenated using the boolean OR operator. The where_node command is similar to the where command, but the output will also include all the nodes that are communicating directly with the result of the search.

Note: This command is only applicable to the nodes table.

Syntax where_link <field> < ==|!=|<|>|<=|>=|in?|include?|exclude?|start_with?|end_with? > <value>
Parameters
  • field: the name of the links table's field to which the operator will be applied.
  • operator
  • value: the value used for the comparison. It can be a number, a string or a list (using JSON syntax); the query engine will understand the semantics.
Description The where_link command will send to the output only the nodes which are connected by a link fulfilling the specified criterion. Many clauses can be concatenated using the boolean OR operator.

Note: This command is only applicable to the nodes table.
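
The difference between where, where_node and where_link is easiest to see on a small graph. The following Python model is an added illustration, not the product's query engine or code from this reference. The sample nodes and links, their field names, the reading of "communicating directly" as sharing a link in either direction, and the meaning given to in?, start_with? and end_with? are assumptions; include? and exclude? are left out.

```python
import operator

# Constructed sample data; field names (ip, zone, from, to, protocol) are assumptions.
NODES = [
    {"ip": "10.0.0.5", "zone": "control"},
    {"ip": "10.0.0.9", "zone": "control"},
    {"ip": "10.0.1.20", "zone": "dmz"},
    {"ip": "172.16.4.7", "zone": "office"},
]
LINKS = [
    {"from": "10.0.0.5", "to": "10.0.0.9", "protocol": "modbus"},
    {"from": "10.0.1.20", "to": "10.0.0.5", "protocol": "ssh"},
    {"from": "172.16.4.7", "to": "10.0.1.20", "protocol": "http"},
]

# Operator meanings below are inferred from the operator names (assumption).
OPS = {
    "==": operator.eq, "!=": operator.ne,
    "<": operator.lt, ">": operator.gt, "<=": operator.le, ">=": operator.ge,
    "in?": lambda field, value: field in value,  # value is a list
    "start_with?": lambda field, value: str(field).startswith(value),
    "end_with?": lambda field, value: str(field).endswith(value),
}

def matches(item, clauses):
    """True if any (field, operator, value) clause holds: clauses are OR-ed."""
    return any(f in item and OPS[op](item[f], v) for f, op, v in clauses)

def where(clauses):
    """Plain filter: only the nodes that match."""
    return sorted(n["ip"] for n in NODES if matches(n, clauses))

def where_node(clauses):
    """Matching nodes plus every node sharing a link with one of them."""
    hits = set(where(clauses))
    out = set(hits)
    for link in LINKS:
        ends = {link["from"], link["to"]}
        if ends & hits:  # one hop only: neighbours do not pull in their own peers
            out |= ends
    return sorted(out)

def where_link(clauses):
    """Nodes at either end of a link that matches the link-table criterion."""
    out = set()
    for link in LINKS:
        if matches(link, clauses):
            out |= {link["from"], link["to"]}
    return sorted(out)
```

In this model, filtering on ip == 10.0.0.5 returns one node with where and three with where_node, because the two peers of that node are added; 172.16.4.7 stays out since it only talks to a peer.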

Syntax graph [node_label:<node_field>] [node_perspective:<perspective_name>] [link_perspective:<perspective_name>]
Parameters
  • node_label: add a label to the node; the label will be the content of the specified node field
  • node_perspective: apply the specified node perspective to the resulting graph. Valid node perspective values are:
    • roles
    • zones
    • transferred_bytes
    • not_learned
    • public_nodes
    • reputation
    • appliance_host
  • link_perspective: apply the specified link perspective to the resulting graph. Valid link perspectives are:
    • transferred_bytes
    • tcp_firewalled
    • tcp_handshaked_connections
    • tcp_connection_attempts
    • tcp_retransmitted_bytes
    • throughput
    • interzones
    • not_learned
Description The graph command renders a network graph by taking some nodes as input.