Reference for the query language

This reference explains how to write your custom queries. A query is a YAML file, so you must be fluent in YAML.

Note: This reference does not cover Jinja2, which you must use to write parameterized queries, called templates. For more information, see the Jinja2 documentation.

What does a query contain

A query consists of a select clause, where you enter the criteria for extracting records, and an output clause, where you specify how the selected records are printed in the result.

What is a record

The indexing process produces a record for each YAML mapping node that is present in an evidence file.
Example: The following code lines are extracted from an evidence file:
attributes:
  status: disabled
context: CICS01
resources:
  filter:
    PROGRAM: LGIPOL02
  get_parameters: True
scheme: http
This YAML extract will produce four records when it is indexed:
  • The first record is the root, at level 0. It contains four fields: attributes, context, resources, and scheme.
  • The second record is a subrecord at level 1. It contains only the status field.
  • The third record is a subrecord at level 1. It contains the filter and get_parameters fields. These fields make up the value of the resources field.
  • The fourth record is a subrecord at level 2. It contains only the PROGRAM field.
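
The indexing rule above, sketched as an added example (not the product's indexer): the evidence extract is embedded as the dict a YAML parser would return for it, and the function name, the record layout and the path field are assumptions made for illustration. It covers only mappings nested directly in mappings, as in the extract.

```python
# Added illustration: a simplified model of the indexing rule described above.
# It is not the product's indexer; names and record layout are hypothetical.
from typing import Any, Iterator

# The evidence extract from this page, written as the dict that a YAML
# parser (for example yaml.safe_load) would return for it.
EVIDENCE = {
    "attributes": {"status": "disabled"},
    "context": "CICS01",
    "resources": {
        "filter": {"PROGRAM": "LGIPOL02"},
        "get_parameters": True,
    },
    "scheme": "http",
}


def index_records(node: Any, level: int = 0, path: str = "") -> Iterator[dict]:
    """Yield one record per mapping node, parents before their children."""
    if not isinstance(node, dict):
        return  # scalars are field values, they do not produce a record
    # The record lists the fields (keys) of this mapping node.
    yield {"level": level, "path": path or "<root>", "fields": list(node)}
    for key, value in node.items():
        child_path = f"{path}.{key}" if path else str(key)
        # A nested mapping becomes a subrecord one level deeper.
        yield from index_records(value, level + 1, child_path)


if __name__ == "__main__":
    for number, record in enumerate(index_records(EVIDENCE), start=1):
        print(number, record["level"], record["path"], record["fields"])
```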