Use Stellar for Queries

You can use Stellar to create queries.

The Stellar query language supports the following:

  • Referencing fields in the enriched JSON

  • Simple boolean operations: and, not, or

  • Simple arithmetic operations: *, /, +, - on real numbers or integers

  • Simple comparison operations <, >, <=, >=

  • if/then/else comparisons (in other words, if var1 < 10 then 'less than 10' else '10 or more')

  • Determining whether a field exists (via exists)

  • The ability to have parenthesis to make order of operations explicit

  • User defined functions

The following is an example of a Stellar query:

IN_SUBNET( ip, '') or ip in [ '', '' ] or exists(is_local)

This query evaluates to “true” when one of the following is true:

  • The value of the ip field is in the subnet.

  • The value of the ip field is or

  • The field is_local exists.