AQL operator reference

AQL Query search supports the following comparison operators.

Case insensitive:

Equals (=): the whole value equals to the pattern
Not equals (!=): the value isn’t exactly equal to the whole pattern
Contains (=*): the value contains the given pattern
Doesn’t contain (!*): the value doesn’t contain the given pattern
Matches (=~): the pattern as a regular expression matches the value
Doesn’t match (!~): the case-insensitive regular expression doesn’t match

The comparison operators have their corresponding case sensitive (strict) versions:

Equals (==)
Not equals (!==)
Contains (==*)
Doesn’t contain (!=*)
Matches: (==~)
Doesn’t match (!=~)

The syntax of the regular expressions accepted is the same general syntax used by Perl, Python, and other languages. The regular expressions are evaluated in case-insensitive mode in case of the =~ and !~ operators. The patterns are not anchored to the whole string, but you can use ^ at the beginning of the pattern and $ at its end to match the whole value.

AQL Query comparison operators

You can create complex queries using the AND and OR logic operators and parentheses, for example, ( host_name =* azure AND host_label_team = network ) OR ( host_name =* app AND host_label_app =* windows )

Escaping rules

Enclose the field names and values in single-quotes ('), double-quotes ("), or \` if it contains characters not on this list: @, a-z, 0-9, ._- If all three quote types occur, enclose with single-quotes and escape single-quotes as \\'.

You can escape backslashes as \\\\.