Grafana macros
IBM® Security QRadar® AQL Plugin supports two time picker macros.
| Macro | AQL |
|---|---|
|
START / STOP based on time picker selected to and from
values. |
|
START based on time picker selected from
value. |
See the following examples:
SELECT starttime FROM events $__timeFilter(starttime)
SELECT COUNT(sourceip) FROM events $__timeFrom(starttime)
Important: The Ariel flows database return results from the last 5 minutes by default.
Query results for a specific time interval can be returned using the time filter macro and the
Grafana time picker. See the following
example.
SELECT SUBSTRING(sourceip, 3, 5) AS substring FROM flows LIMIT 5 $__timeFilter(starttime)