Referencing Resources

Available: Resource Referencing

From version 1.213, a reserved prefix is available.

Repository and View resources (saved searches, files) can be referenced using a macro, where the macro starts with $ and is used to identify a LogScale asset that is to be used as part of the query. For the macro, where the portion of the macro before the :// is used to identify the type of the resource. The prefix is case sensitive, and if no prefix is supplied then LogScale assumes the macro is a saved query.

Parser
To reference a parser, use the prefix $parser://, for example, $parser://myParser(). To refer to a specific parser within a given package, use $parser://package/scope:myParser().
Referencing the parser in this way only references the parser query language; not additional settings within the parser outside of the query content.
Using the macro in this way enables inclusion of the parser processing within another parser.
Saved Search
To reference a saved search, use the prefix $query://, for example, $query://myQuery().

When using the macro:

Prefix is case sensitive.
If no prefix is supplied, then the reference is assumed to be a saved search.
If the resource type is not supported, then the reference is treated as an invalid reference, and an error will be produced noting that the resource cannot be resolved.
Circular references are not allowed.
Parameters can be added to saved searches and parser macros using the User Parameters/Variables notation.

During name resolution, the following options are available:

Resolve the resource within the local view or repository.
Resolve the resource by using the name of an alternate view or respository in the resource name. See Resolving Resources to a Different Named View or Repository.
Reslove the resource by configuring an alternative a different view or repository as the source. See Resolving Resources Using an Alternate View or Repository.

Resolving Resources to a Different Named View or Repository

Available: Resolving Resources in Other Repositories or Views v1.217

Repositories and views can be configured to look in a different repository or view to resolve file or saved search lookups.

Saved queries and files can be accessed using cross-view referencing, enabling the use of a file or saved search from another view or repository.

To use this referencing requires a modified forrm of the asset reference:

logscale Syntax

file://VIEWNAME:FILENAME
$query://VIEWNAME:QUERY()

Where:

VIEWNAME is the name of the other repository or view where the resource is located.
FILENAME is the name of the file to be accessed.
QUERY is the name of the saved query to be accessed.

For example, to access a saved query:

logscale

$query://anotherView:saved()

If the saved query contains characters that need to be quoted, quote the entire reference:

logscale

$"query://anotherView:saved query name"()

To reference a file:

logscale

match("file://anotherView:awesomefile.csv", field=field1, column=column1, nrows=2)

Resolving Resources Using an Alternate View or Repository

Security Requirements and Controls

Create repository permission

Available: Resolving Resources in Other Repositories or Views v1.217

Repositories and views can be configured to look in a different repository or view to resolve file or saved search lookups.

Views can be configured to resolve saved queries, lookup files and field aliases from a different view or repository. This allows the creation of these resources to be used in related repositories and views without copying or duplicating the information.

Referencing views and resources in this way enables a single view or repository to be configured with common resources that can then be used from other views and repositories. This reduces the requirement to copy saved queries, files and field aliases between repositories and simnplifies management of these resources.

To configure, use the GraphQL mutation redirectQueryAssetLookupTo to configure an alternative view or repository to use when resolving assets. Once configured, any saved query, lookup file or field alias used in queries executed against that view will be resolved from the alternative view or repository instead. For example, if ViewA is configured to lookup resources from ViewB then calling::

logscale

RepositoryViewA

$commonFilter()

Will instead be resolved from ViewB.

Important

To configure this feature, you need the ManageViewConnections organization level permission. The alternative view or repository must be accessible within your organization. When queries execute, permission checks apply to the view where the query runs, not the asset source view or repository. This means any user that can query in a view that is set up to use assets in the alternative view or repository, will be able to use those assets without having access to the alternative asset view or repository. This is similar to how a view connection works today; a user can query in a view that is connected to a number of repositories, without having read access in those individual repositories.

Versions of this Page

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Data Visualization

Automation

Template Language

Keyboard Shortcuts