Home
Vantage
User Guide
Information about the main features of Vantage and the tasks that you can do from the user interface (UI).
Queries
Queries
The Queries page lets you write queries for your system. When you query Vantage, the data it returns is based on the tables, fields, commands, and functions that you specify in the query text field.
Execute a query
It is important to know how to execute a query correctly in Vantage.

Vantage
- Introduction
  An overview of Vantage.
- Administrator Guide
  Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
- User Guide
  Information about the main features of Vantage and the tasks that you can do from the user interface (UI).
  - Sensors
  - Alerts
  - Assets
  - Wireless
  - Queries
    - Queries
      The Queries page lets you write queries for your system. When you query Vantage, the data it returns is based on the tables, fields, commands, and functions that you specify in the query text field.
      - Execute a query
        It is important to know how to execute a query correctly in Vantage.
      - Commands
        A list of example query commands.
      - Functions
        A list of example query functions.
  - Vulnerabilities
  - Vantage IQ
  - Network
  - Graph
  - Process
  - Dashboards
  - Reports
  - Sites
  - Workbooks
  - Async operations
  - What's new
  - Administration
  - Profile settings
  - Organizations menu
- Print format documentation
  A list of all the print-format documentation that is available for Vantage.

Execute a query

It is important to know how to execute a query correctly in Vantage.

Note: Strings are always "quoted", otherwise they are interpreted as data fields. For example, you can write a query similar to

alerts | where closed_time >
                    time

to compare two fields.

Note: Use the / operator to navigate into JavaScript Object Notation (JSON) fields.

Note: When you access a JSON sub field, occurrences of \ are translated to . For example, os:info/source becomes os:info.source in the resulting dataset.

In the top navigation bar, select Queries.
Choose a method to show the available data sources.
- In the Query text field, select Ctrl+Space.
- In the Query text field, enter the first few letters of a data source.
A list of available data sources shows.
Enter your query.
Select Execute (Cmd+Enter).
The results of your query show.
If necessary, select Save to save the query for future use.
If necessary, select Save Assertion to save the assertion for future use.
If necessary, select Export and choose Excel or CSV as an export format.