Examples Library

Important

This manual provides example LogScale queries, with each query described, line by line, to demonstrate not only the syntax of the queries, but also why the different syntax and expressions have been used to search the query data.

Search LogScale Query Examples

Search by query type, title, or function.

Recent Query Examples

Return Multiple Matches as Array Fields
Enrich events with user context from external CSV file using the matchAsArray() function
Parse XML With Multiple Inner Elements
Handle repeated XML elements using the parseXml() function
Identify Potentially Malicious Domains
Group Domain Names and look up IOC Information using the ioc:lookup() function for domain analysis
Parse XML Content From Task Triggers
Extract and analyze XML data from scheduled tasks using the parseXml() function
Display User Account Deletion Events in Table Format
Create a table showing deleted user accounts using the table() function
Find Processes with Low Execution Count
Group processes by hash and name to identify rarely executed ones using the groupBy() function
Create Single Array from Object Arrays
Transform one or more objects from object arrays into a single array
Encode Search Query For URL Usage
URL encode a search query string using the urlEncode() function
Extract Email Local Part
Extract email username using the text:substring() function with text:positionOf()
Count Characters Including Emojis in String
Get string length including emojis using the text:length() function

Examples Library

Examples Library

Important

Enter search term