Search Syntax Reference
LogLogic Advanced Search query language is intuitive and efficient, you can search large data and view results in seconds.
The search query supports the following types of languages:
- Event Query Language (EQL)
- Structured Query Language (SQL) dialect.
- Event Correlation Language (ECL)
Both EQL and SQL are equally capable for searching, but the syntaxes are different in some cases. For example, simply providing a string in EQL is understood as a full text search, but it gives a syntax error in SQL. So the translation is not always literal. EQL is easy to use, however, SQL is more familiar and it is to write SQL using existing SQL tools.
Using EQL, you can define filters, regular expressions, sources, time ranges. ECL can be used to find patterns in a given set of data and for correlation purposes.