V1 - Query - Field Entity Match Filter
sEntityinfo(field, entity_list_name)
The sEntityinfo filter matches the exact content of a field against the values in the specified 'Entity Info' list; an event passes the filter only when the field value is an entry in that list.
The entity information lists can be found in https://demo.cloud.fluencysecurity.com/user/EntityInfo.
Example:
search {from="-3d@d",to="@d"} sContent("@eventType","nxlogAD") and sEntityinfo("@fields.EventID","AD_EventID")
let EventID = f("@fields.EventID")
aggregate count() by EventID
The results are shown below. In this example, "AD_EventID" is the name of the entity list and "@fields.EventID" is the field. Only events whose "@fields.EventID" value exactly matches an entry in the "AD_EventID" list are searched and counted.
The description of each eligible event ID in this search can be retrieved with entitylookup, as below:
search {from="-3d@d",to="@d"} sContent("@eventType","nxlogAD") and sEntityinfo("@fields.EventID","AD_EventID")
let EventID = f("@fields.EventID")
let {Description}= entitylookup(EventID, "AD_EventID")
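To make the filter semantics concrete, here is an added Python model of what the two queries above do (exact-match filtering against an entity list, aggregation by EventID, and the description lookup); it is not Fluency's code, and the entity list contents and events are constructed samples.

```python
from collections import Counter

# Constructed stand-in for an 'Entity Info' list named "AD_EventID":
# value -> description. Real lists are maintained in the Fluency UI.
AD_EVENTID = {
    "4624": "An account was successfully logged on",
    "4625": "An account failed to log on",
    "4720": "A user account was created",
}

# Constructed sample events shaped like the page's query expects.
EVENTS = [
    {"@eventType": "nxlogAD", "@fields": {"EventID": "4624"}},
    {"@eventType": "nxlogAD", "@fields": {"EventID": "4625"}},
    {"@eventType": "nxlogAD", "@fields": {"EventID": "4624"}},
    {"@eventType": "nxlogAD", "@fields": {"EventID": "5140"}},   # not in the list
    {"@eventType": "nxlogAD", "@fields": {"EventID": "46240"}},  # exact match only
    {"@eventType": "syslog",  "@fields": {"EventID": "4624"}},   # wrong eventType
]

def get_field(event, path):
    """Resolve a dotted path such as '@fields.EventID' against a nested event."""
    cur = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def s_content(event, field, value):
    """Model of sContent: exact comparison of one field with a literal."""
    return get_field(event, field) == value

def s_entityinfo(event, field, entity_list):
    """Model of sEntityinfo: keep the event only if the field value is a list entry."""
    val = get_field(event, field)
    return val is not None and str(val) in entity_list

def run_query(events, entity_list):
    """Filter as in the page's query, count by EventID, attach the looked-up Description."""
    matched = [e for e in events
               if s_content(e, "@eventType", "nxlogAD")
               and s_entityinfo(e, "@fields.EventID", entity_list)]
    counts = Counter(get_field(e, "@fields.EventID") for e in matched)
    # entitylookup(EventID, "AD_EventID") -> Description, modelled as a dict lookup
    return {eid: {"count": n, "Description": entity_list[eid]}
            for eid, n in counts.items()}

if __name__ == "__main__":
    for eid, row in run_query(EVENTS, AD_EVENTID).items():
        print(eid, row["count"], row["Description"])
```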
Page last updated: 2022 Oct 26