Skip to main content Link Search Menu Expand Document (external link)

Query - sEntityInfo

Table of contents
  1. sEntityinfo

sEntityinfo

The definition of entity can be seen on the page of entitylookup

Example:

  search {from="-3d@d",to="@d"} sContent("@eventType","nxlogAD") and sEntityinfo("@fields.EventID","AD_EventID")
  let EventID = f("@fields.EventID") 
  aggregate count() by EventID

The results are as below. In this example, “AD_EventID” is the entity name and “@fields.EventID” is the field. Only search within those column whose field values (“@fields.EventID”) match the entity name (“AD_EventID”).

The decription of the eligible event ID during this search can be checked as below:

  search {from="-3d@d",to="@d"} sContent("@eventType","nxlogAD") and sEntityinfo("@fields.EventID","AD_EventID")
  let EventID = f("@fields.EventID") 
  let {Description}= entitylookup(EventID, "AD_EventID")