Use Stellar for Queries
You can use Stellar to create queries.
The Stellar query language supports the following:
-
Referencing fields in the enriched JSON
-
Simple boolean operations: and, not, or
-
Simple arithmetic operations: *, /, +, - on real numbers or integers
-
Simple comparison operations <, >, <=, >=
-
if/then/else comparisons (in other words, if var1 < 10 then 'less than 10' else '10 or more')
-
Determining whether a field exists (via
exists) -
The ability to have parenthesis to make order of operations explicit
-
User defined functions
The following is an example of a Stellar query:
IN_SUBNET( ip, '192.168.0.0/24') or ip in [ '10.0.0.1', '10.0.0.2' ] or exists(is_local)
This query evaluates to “true” when one of the following is true:
-
The value of the ip field is in the
192.168.0.0/24 subnet. -
The value of the ip field is
10.0.0.1or10.0.0.2. -
The
field is_localexists.