CrowdStrike Query Language Grammar Subset
The following grammar represents a subset of the CrowdStrike Query Language. The full grammar is the one implemented by the parser in LogScale; it contains several quirks that have been elided from this subset.
This guide is intended for programmatically generating LogScale queries — not for parsing them. If you follow the rules in this grammar, the generated queries should be parsed by the LogScale parser.
See Grammar Subset for an overview of the items in this guide.
See Appendix A, Quirks for a discussion of quirks and lessons learned.
See Appendix B, Notation for an overview of the notation used.
See Appendix C, Character Table for a list of the characters supported in the character set ISO/IEC 8859-1.
See Appendix D, Reserved Words for a list of reserved words that should be quoted if they are to be used for filtering.