Searching Data from Juniper X-Force Exchange with Advanced Search Criteria
For complex queries, you can search and filter data from X-Force Exchange by using Advanced Search expressions.
Advanced searches return data from the Log Activity or the Network Activity tab in JSA.
URL searches cannot be returned from the Network Activity tab because the URL information is provided by the event data.
- Click the Log Activity tab.
- On the Search toolbar, select the Advanced Search.
- Type an AQL query expression.
Note The following table describes some common search expressions.
Example
select * from events where XFORCE_IP_CONFIDENCE(’Spam’,sourceip)>50
select url, XFORCE_URL_CATEGORY(url) as myCategories from events where XFORCE_URL_CATEGORY(url) IS NOT NULL
select sourceip, XFORCE_IP_CATEGORY(sourceip) as IPcategories from events where XFORCE_IP_CATEGORY(sourceip) IS NOT NULL
- Click Search.