Using Stellar for Queries
You can use Stellar to create queries.
The Stellar query language supports the following:
Referencing fields in the enriched JSON
Simple boolean operations: and, not, or
Simple arithmetic operations: *, /, +, - on real numbers or integers
Simple comparison operations <, >, <=, >=
if/then/else comparisons (in other words, if var1 < 10 then 'less than 10' else '10 or more')
Determining whether a field exists (via
exists)The ability to have parenthesis to make order of operations explicit
User defined functions
The following is an example of a Stellar query:
IN_SUBNET( ip, '192.168.0.0/24') or ip in [ '10.0.0.1', '10.0.0.2' ] or exists(is_local)
This query evaluates to “true” precisely when one of the following is true:
The value of the ip field is in the 192.168.0.0/24 subnet.
The value of the ip field is 10.0.0.1 or 10.0.0.2.
The field is_local exists.