Home
Guardian
User Guide
Information and resources about the main features of Guardian, and the tasks that you can do from the user interface (UI).
Queries
Queries
You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
Functions

Guardian
- Introduction
  An overview of Guardian.
- Installation Guide
  Information and resources on how to install Guardian, and the different options and settings that are available.
- Administrator Guide
  Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
- User Guide
  Information and resources about the main features of Guardian, and the tasks that you can do from the user interface (UI).
  - Sensors
  - Alerts
  - Assets
  - Queries
    - Queries
      You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
  - Smart Polling
  - Arc
  - Network
  - Process
  - Reports
  - Assertions
  - Time machine
  - Vulnerabilities
  - Administration
  - Personal settings
- Maintenance Guide
  Information about the maintenance tasks of Guardian, to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for Guardian.

Functions

Functions are always used in conjunction with other commands, such as select. In the following examples, functions are shown in bold:

Combining functions with select: nodes | select id type color(type)
Combining functions with where: nodes | where size(label) > 10
Combining functions with group_by: nodes | group_by size(protocols)

Here is the complete list of functions:


Syntax	`abs(<field>)`
Parameters	the field on which to calculate the absolute value
Description	The abs function returns the absolute value of the field


Syntax	`bitwise_and(<numeric_field>,<mask>)`
Parameters	numeric_field: the numeric field on which apply the mask mask: a number that will be interpreted as a bit mask
Description	The bitwise_and function calculates the bitwise & operator between the numeric_field and the mask entered by the user


Syntax	`coalesce(<field1>,<field2>,...)`
Parameters	a list of fields or string literals in the format "<chars>"
Description	The coalesce function will output the first value that is not null


Syntax	`color(<field>)`
Parameters	field: the field on which to calculate the color
Description	The color function generates a color in the rgb hex format from a value
Note	Only available for nodes, links, variables and function_codes


Syntax	`concat(<field1>,<field2>,...)`
Parameters	a list of fields or string literals in the format "<chars>"
Description	The concat function will output the concatenation of the input fields or values


Syntax	`date(<time>)`
Parameters	time defined as unix epoch
Description	The date function returns a date from a raw time


Syntax	`day_hour(<time_field>)`
Parameters	time_field: the field representing a time
Description	The day_hour function returns the hour of the day plus the sensor's local time offset from UTC, i.e. a value in the range 0 through 23. Be careful when accounting for daylight saving time. Use day_hour_utc when absolute precision is desired


Syntax	`day_hour_utc(<time_field>)`
Parameters	time_field: the field representing a time
Description	The day_hour_utc function returns the hour of the day expressed in UTC for the current time field, i.e. a value in the range 0 through 23


Syntax	`days_ago(<time_field>)`
Parameters	time_field: the field representing a time
Description	The days_ago function returns the amount of days passed between the current time and the time field value


Syntax	`dist(<field1>,<field2>)`
Parameters	the two fields to compute the distance on
Description	The dist function returns the distance between field1 and field2, which is the absolute value of their difference


Syntax	`div(<field1>,<field2>)`
Parameters	field1 and field2: the two field to divide
Description	The div function will calculate the division field1/field2


Syntax	`hours_ago(<time_field>)`
Parameters	time_field: the field representing a time
Description	The hours_ago function returns the amount of hours passed between the current time and the time field value


Syntax	`is_empty(field) == true \| false`
Parameters	field: the field to check to evaluate whether it is empty or not
Description	The is_empty command takes a field as input and returns only the entries that are either empty / not empty.
Example	nodes \| where is_empty(label) == false


Syntax	`is_recent(<time_field>)`
Parameters	time_field: the field representing a time
Description	The is_recent function takes a time field and returns true if the time is not farther than 30 minutes


Syntax	`minutes_ago(<time_field>)`
Parameters	time_field: the field representing a time
Description	The minutes_ago function returns the amount of minutes passed between the current time and the time field value


Syntax	`mult(<field1>,<field2>,...)`
Parameters	a list of fields to multiply
Description	The mult function returns the product of the fields passed as arguments


Syntax	`round(<field>,[precision])`
Parameters	field: the numeric field to round precision: the number of decimal places
Description	The round function takes a number and outputs the rounded value


Syntax	`seconds_ago(<time_field>)`
Parameters	time_field: the field representing a time
Description	The seconds_ago function returns the amount of seconds passed between the current time and the time field value


Syntax	`split(<field>,<splitter>,<index>)`
Parameters	field: the field to split splitter: the character used to separate the string and produce the tokens index: the 0 based index of the token to output
Description	The split function takes a string, separates it and outputs the token at the <index> position


Syntax	`sum(<field>,...)`
Parameters	a list of fields to sum
Description	The sum function returns the sum of the fields passed as arguments