
Lucene Queries

Query attributes:

Fluency uses its own attribute names in queries; for example, “sip:A.B.C.D” searches for a source IP address. Attribute names such as “sip” are defined by Fluency and do not follow any public standard. Further chapters describe common attributes. Note that these attributes are case sensitive!

Query syntax behavior:

When Fluency is queried with an attribute term such as “sip:A.B.C.D”, it returns only results whose value is EQUAL to “A.B.C.D”. A query such as “sip:A.B.C.” might appear to search for any source IP within the range “A.B.C.”, but it will fail, because Fluency searches for results with a value equal to “A.B.C.”. In this case, use operators of the Lucene syntax such as “*” instead.

A query with the string “sip:A.B.C.*” can return multiple results, with any value in the fourth octet of the source IP.
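The matching behaviour described above, as a small Python model (an added example, not Fluency's code or query engine). The events and the 192.0.2.x addresses are constructed, and `search` and `term_to_regex` are hypothetical helper names.

```python
import re

# Constructed sample events; "sip" is the source-IP attribute named in the text.
EVENTS = [
    {"sip": "192.0.2.10"},
    {"sip": "192.0.2.77"},
    {"sip": "192.0.20.5"},
    {"sip": "198.51.100.4"},
]


def term_to_regex(value):
    """Compile a query value: literal text, with '*' matching any run of characters."""
    return re.compile(".*".join(re.escape(part) for part in value.split("*")))


def search(query, events=EVENTS):
    """Evaluate one 'attribute:value' term as the text describes it.

    The attribute name is compared case-sensitively, and the value must
    equal the whole stored value unless the query contains a '*' wildcard.
    """
    attr, _, value = query.partition(":")
    pattern = term_to_regex(value)
    return [e for e in events if attr in e and pattern.fullmatch(e[attr])]


if __name__ == "__main__":
    for q in ("sip:192.0.2.10",   # exact value: one hit
              "sip:192.0.2.",     # truncated value: no hits, not a range
              "sip:192.0.2.*",    # wildcard after the dot: the two 192.0.2.x hosts
              "sip:192.0.2*",     # no dot before '*': also matches 192.0.20.5
              "SIP:192.0.2.10"):  # wrong case in the attribute name: no hits
        print(f"{q:18} -> {[e['sip'] for e in search(q)]}")
```

An empty result from a truncated value or a mis-cased attribute name looks the same as "no such traffic", so confirm the query form before treating zero hits as a negative finding.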

| Attribute | Value Type | Description |
|---|---|---|
| @tags:squid | String | Any events tagged with “squid” |
| method | String | HTTP request method |
| http_host | String | Remote HTTP host |
| request_url | String | URL of HTTP query |
| src_ip | String | Client source IP |
| src_port | Numeric | Proxy outbound source port |
| dest_ip | String | Remote host IP |
| proto | String | Protocol name |
| action | String | Proxy TCP action |
| src_port_client | Numeric | Client source port |
| user | String | Domain user account authenticated at the proxy |
| dest_port | Numeric | Remote host port |
| user_agent | String | Client User-Agent string |
| status | Numeric | HTTP response code from remote host |