Quotation marks
In an AQL query, query terms and queried columns sometimes require single or double quotation marks so that QRadar® can parse the query.
The following table defines when to use single or double quotation marks.
Type of quotation marks | When to use |
---|---|
Single | To specify any American National Standards Institute (ANSI) VARCHAR string to SQL such as
parameters for a LIKE or equals (=) operator, or any operator that expects a VARCHAR
string. Examples:
|
Double | Use double quotation marks for the following query items to specify table and column names
that contain spaces or non-ASCII characters, and to specify custom property names that contain
spaces or non-ASCII characters. Examples:
Use double quotation marks to define the name of a system object such as field, function, database, or an existing alias. Example:
Use double quotation marks to specify an existing alias that has a space when you use a WHERE, GROUP BY, or ORDER BY clause Examples:
|
Single or double | Use single quotation marks to specify an alias for a column definition in a
query. Example:
Use double quotation marks to specify an existing alias with a space when you use a WHERE, GROUP BY, or ORDER BY clause. Example:
|
Copying query examples from the AQL guide
If you copy and paste a query example that contains single or double quotation marks from the AQL Guide, you must retype the quotation marks to be sure that the query parses.