In the FPL, data selection is done via the
search command, for normal log (event) data, and the
load command, for special ‘resources’ data. The data selection is applied before all other FPL commands.
This following section will focus on the
load command. See the preceeding sections on “Events”, for more information on how to use the
The load command uses the following syntax:
The ‘resource’ parameter allows the user to use data from one of the available ‘resources’ table in Fluency.
load resource <resourceName>
The following values are supported for
ADUser- Windows AD users (LDAP integration)
falconAgent- Crowdstrike Falcon agents (API integration)
sentinelOneAgent- SentinelOne agents
FEHxDevice- FireEye Endpoint Security (HX) devices
awsIAMUser- AWS IAM users
awsS3Bucket- AWS S3 buckets
awsEc2Instance- AWS EC2 instances
awsEbsVolume- AWS EBS volumes
nessusPlugin- Vulnerabilities detected by Nessus Professional scanner
load command does not have / need time or query selections
Please visit the relevant sub-section(s) for detailed information on a specific resource.
Page last updated: 2022 Sep 14