Filtering queries for log data

Adding a filter to a query narrows down the records that the fetch command returns.

The easiest way to build a filter is to reference an existing filter element by its URI.

Example:

{
  "format": {"type": "raw"},
  "fetch": {"quantity": 1},
  "query": {
    "filter": {
      "type": "expression",
      "href": "http://127.0.0.1:8082/7.2.1/elements/filter_expression/82"
    }
  }
}

You can also build a filter without using an existing filter element.

For example, this query fetches all log entries in which the 'Action' field (14) is set to 'Allow' (1) or 'Permit' (11):

{
  "query": {
    "filter": {
      "type": "in",
      "left": {"type": "field", "id": 14},
      "right": [
        {"type": "constant", "value": 1},
        {"type": "constant", "value": 11}
      ]
    }
  },
  "fetch": {}
}

This query fetches the first 100 log entries in which the 'Originator' field (4) equals the IP address '127.0.6.44':

{
  "format": {"type": "string"},
  "query": {
    "type": "current",
    "filter": {
      "type": "in",
      "left": {"type": "field", "id": 4},
      "right": [
        {"type": "ip", "value": "127.0.6.44"}
      ]
    }
  },
  "fetch": {"quantity": 100}
}
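The following Python example is added here and is not part of this documentation or of the product's own client: it builds the two 'in' filter queries above and evaluates them locally against constructed log records, so the shape of the filter can be checked before it is sent. The evaluator assumes that an 'in' filter accepts a record when the field named on the left equals any value on the right, and the record layout (a dict keyed by numeric field id) is an assumption.

```python
import ipaddress

def in_filter(field_id, values, value_type="constant"):
    """Build an 'in' filter: field <field_id> must equal one of <values>."""
    return {"type": "in",
            "left": {"type": "field", "id": field_id},
            "right": [{"type": value_type, "value": v} for v in values]}

def build_query(flt, quantity=None, fmt=None, query_type=None):
    """Wrap a filter into a fetch request with the keys used above."""
    query = {"filter": flt}
    if query_type:
        query["type"] = query_type
    req = {"query": query, "fetch": {} if quantity is None else {"quantity": quantity}}
    if fmt:
        req["format"] = {"type": fmt}
    return req

def _matches(flt, record):
    """Local evaluator; assumed to mirror the server's 'in' semantics."""
    if flt["type"] != "in":
        raise ValueError("only 'in' filters are evaluated locally")
    value = record.get(flt["left"]["id"])
    for item in flt["right"]:
        if item["type"] == "ip":
            try:  # compare as addresses so "127.0.6.44" and "127.0.6.044" differ
                if ipaddress.ip_address(str(value)) == ipaddress.ip_address(item["value"]):
                    return True
            except ValueError:
                continue
        elif value == item["value"]:
            return True
    return False

def apply_filter(query, records):
    """Return the records the query's filter accepts, honouring fetch.quantity."""
    hits = [r for r in records if _matches(query["query"]["filter"], r)]
    limit = query["fetch"].get("quantity")
    return hits if limit is None else hits[:limit]

# Constructed sample records keyed by field id: 4 = Originator, 14 = Action.
SAMPLE_LOGS = [
    {4: "127.0.6.44", 14: 1},   # Allow (1) from the originator of interest
    {4: "127.0.6.45", 14: 11},  # Permit (11) from another originator
    {4: "127.0.6.44", 14: 5},   # some other action value (constructed)
]

if __name__ == "__main__":
    action_query = build_query(in_filter(14, [1, 11]))
    print(apply_filter(action_query, SAMPLE_LOGS))
    ip_query = build_query(in_filter(4, ["127.0.6.44"], "ip"), 100, "string", "current")
    print(apply_filter(ip_query, SAMPLE_LOGS))
```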