Topic
  • 4 replies
  • Latest Post - ‏2014-09-26T18:48:47Z by rok.debevc
rok.debevc
rok.debevc
3 Posts

Pinned topic Ariel query character problem

‏2014-09-25T19:34:09Z |

Example query: 

Query >> SELECT deviceTime, name FROM events WHERE name ILIKE '_ARKO'

| deviceTime    | name         | 
----------------------------------------
| 1411652760000 | ŽARKO

 

But if i choose any of this character ČŽŠ in query i get an error. Example:

Query >> SELECT deviceTime, name FROM events WHERE name ILIKE 'ŽARKO'

Exception in query:

line 1:63: expecting ''', found 'å'

 

How can i use ariel query with this characters ĐŠŽĆČ?

Thanks

Rok

  • KateM (IBM)
    KateM (IBM)
    43 Posts
    ACCEPTED ANSWER

    Re: Ariel query character problem

    ‏2014-09-26T16:21:41Z  

    Qradar is version 7.2.2

    Yes, we are using command line arielClient.

    arielClient was used only because the query did not work through restapi and command line gave me some error output ;)

    Thanks and regards

    Rok

    Hi Rok,

    For the restapi, are you encoding your query parameters? They should be encoded as utf-8 (and url encoded), likewise API response messages will be returned as utf-8 encoded.

    You should be able to try out your query expression using the API doc page https://<qradar_host>/restapi/doc by entering your queryExpression for the /ariel POST /searches endpoint and clicking the "Try it out!" button (please note this will create an ariel search in your system). 

    Regards,

    Kate

  • KateM (IBM)
    KateM (IBM)
    43 Posts

    Re: Ariel query character problem

    ‏2014-09-26T12:31:22Z  

    Hi Rok,

     

    Could you let me know what version of Qradar you are using?  I'd also like to confirm how you are running the query, from your example it looks like you are using the command line arielClient, is that correct?

    Thanks,

     

    Kate

  • rok.debevc
    rok.debevc
    3 Posts

    Re: Ariel query character problem

    ‏2014-09-26T12:37:22Z  

    Hi Rok,

     

    Could you let me know what version of Qradar you are using?  I'd also like to confirm how you are running the query, from your example it looks like you are using the command line arielClient, is that correct?

    Thanks,

     

    Kate

    Qradar is version 7.2.2

    Yes, we are using command line arielClient.

    arielClient was used only because the query did not work through restapi and command line gave me some error output ;)

    Thanks and regards

    Rok

  • KateM (IBM)
    KateM (IBM)
    43 Posts

    Re: Ariel query character problem

    ‏2014-09-26T16:21:41Z  

    Qradar is version 7.2.2

    Yes, we are using command line arielClient.

    arielClient was used only because the query did not work through restapi and command line gave me some error output ;)

    Thanks and regards

    Rok

    Hi Rok,

    For the restapi, are you encoding your query parameters? They should be encoded as utf-8 (and url encoded), likewise API response messages will be returned as utf-8 encoded.

    You should be able to try out your query expression using the API doc page https://<qradar_host>/restapi/doc by entering your queryExpression for the /ariel POST /searches endpoint and clicking the "Try it out!" button (please note this will create an ariel search in your system). 

    Regards,

    Kate

  • rok.debevc
    rok.debevc
    3 Posts

    Re: Ariel query character problem

    ‏2014-09-26T18:48:47Z  

    Hi Rok,

    For the restapi, are you encoding your query parameters? They should be encoded as utf-8 (and url encoded), likewise API response messages will be returned as utf-8 encoded.

    You should be able to try out your query expression using the API doc page https://<qradar_host>/restapi/doc by entering your queryExpression for the /ariel POST /searches endpoint and clicking the "Try it out!" button (please note this will create an ariel search in your system). 

    Regards,

    Kate

    Hi Kate,

    we encode our query 'ŽARKO' to '%C5%BDarko' and now works!

    Thanks for quick answer.

    Best regards

    Rok