Accessing The Aql Query Cli - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE Manual

AQL Event and Flow Query CLI Guide

Using the AQL Query CLI

The non-interactive mode does not include a prompt, which allows you to redirect the output to a file with regular UNIX pipe syntax. By default, the results are sent to standard output.

Accessing the AQL Query CLI

To access the AQL query CLI:

Step 1  Log in to STRM as root.
Step 2  Enter the following command:
        /opt/qradar/bin/arielClient
        The Query prompt appears.

CLI Options

Table 1-1 lists the supported CLI options:
Table 1-1 AQL CLI Options

Option: -range <first record> <last record>
Description: Limits the number of records sent to the output within the specified range. This is useful for viewing a selection of records generated by an ordered query. For example, if you wish to view the first ten records, you must specify -range 1 10.

Option: -debug
Description: Generates debugging output during execution.

Option: -start <time>, -end <time>
Description: Specifies the start and end time of the query, where <time> specifies the time. You must specify the time as either a UNIX timestamp or a date using the following format: yyyy/mm/dd-hh:mm:ss.
For example:
/opt/qradar/bin/arielClient -start 2007/08/11-01:15:00 -end 2007/08/11-01:17:00

Option: -exectime <time limit>
Description: Specifies the maximum period of time, in seconds, a single query may continue processing.

Option: -execute <AQL query>
Description: Enters non-interactive mode, in which the query is processed and the results are sent to standard output. If you do not include this option, the command is entered in interactive mode. You must include your query in double quotes.

Option: -f <output format>
Description: Allows you to specify the output format for the query results, where <output format> indicates the output format. The options are table or csv. The table format is an ASCII drawing of a multi-column table, while the CSV format provides a comma-separated list.

Option: -remote <host:port>
Description: Specifies that you wish to connect to a specific Ariel query host and port.
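
An added example, not from the Juniper guide: a POSIX shell wrapper that checks the -start/-end, -exectime and -f values described in Table 1-1 before running one non-interactive query and writing the result to a file. It assumes the options can be combined in a single invocation in the order shown; the function names and the overridable ARIEL_CLIENT variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Juniper guide. Function names are hypothetical.
ARIEL_CLIENT=${ARIEL_CLIENT:-/opt/qradar/bin/arielClient}  # path from the guide

# Print "date" or "unix" for a well-formed <time> value (shape check only);
# return 1 for anything else.
aql_time_kind() {
    case $1 in
        [0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]-[0-9][0-9]:[0-9][0-9]:[0-9][0-9])
            echo date ;;
        '' | *[!0-9]*) return 1 ;;
        *) echo unix ;;
    esac
}

# usage: aql_check <start> <end> <exectime seconds> <table|csv> <query>
aql_check() {
    [ "$#" -eq 5 ] || { echo "need 5 arguments" >&2; return 2; }
    k1=$(aql_time_kind "$1") || { echo "bad -start: $1" >&2; return 2; }
    k2=$(aql_time_kind "$2") || { echo "bad -end: $2" >&2; return 2; }
    # Require one notation for both ends so the comparison is meaningful.
    [ "$k1" = "$k2" ] || { echo "-start and -end use different notations" >&2; return 2; }
    # expr compares integers numerically and the fixed-width dates as strings.
    [ "$(expr "$1" \< "$2")" = 1 ] || { echo "-start is not before -end" >&2; return 2; }
    case $3 in '' | 0* | *[!0-9]*) echo "bad -exectime: $3" >&2; return 2 ;; esac
    case $4 in table | csv) ;; *) echo "bad -f: $4" >&2; return 2 ;; esac
    [ -n "$5" ] || { echo "empty query" >&2; return 2; }
}

# usage: aql_export <outfile> <start> <end> <exectime seconds> <table|csv> <query>
aql_export() {
    [ -n "$1" ] || { echo "no output file" >&2; return 2; }
    out=$1; shift
    aql_check "$@" || return
    # The query is passed as a single argument (no eval, no second round of
    # shell parsing). Assumption: the options may be combined in this order.
    # umask 077 keeps the exported event data readable only by the caller.
    ( umask 077
      "$ARIEL_CLIENT" -start "$1" -end "$2" -exectime "$3" -f "$4" \
          -execute "$5" > "$out" )
}

# Example call (placeholder query text):
# aql_export /root/aql-out.csv 2007/08/11-01:15:00 2007/08/11-01:17:00 60 csv "<AQL query>"
```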
