Search Asset Jobs

compute.addresscompute.address

Provide the asset IP address to find the asset by the specified IP.

Example

Show assets with the IP 10.115.126.240

compute.address:10.115.126.240

compute.agentIdcompute.agentId

Use an integer value ##### to find all results with an asset's UUID of interest.

Examples

Show all results with this asset UUID

compute.agentId:`21`

compute.namecompute.name

Use quotes or backticks within values to find all results that have the specified word in the asset name.

Example

Show all results that contain parts of this asset name

compute.name: windows02

compute.idcompute.id

Use an integer value ##### to find all results with an asset ID of interest.

Examples

Show all results with this asset ID

compute.id:`21`

agent.nameagent.name

Use quotes or backticks within values to find all results that have the specified word in their agent name.

Examples

Show all results that contain parts of this agent name

agent.name:"O365unix"

Show all results that match exact value "unixrun"

agent.name:`unixrun`

operatingSystem.nameoperatingSystem.name

Use a text value ##### to find results for certain operating system of the asset.

Examples

Show all results with this operating system

operatingSystem.name:`WINDOWS`

assetjob.durationInMillisassetjob.durationInMillis

Use a text value ##### to find jobs that completed within the specified time or time range.

Example

Show jobs that completed within 100 to 460 seconds:

assetjob.durationInMillis: [100 .. 460]

Show jobs that completed in 1200 seconds:

assetjob.durationInMillis: 1200

assetJob.executionStartTimeassetJob.executionStartTime

Use a text value ##### to find jobs that executed at the specified date and time. You must provide the date in the 'YYYY-MM-DDTHH:mm:ss.sss' format. This QQL also supports the following operators:.

>=, >, <, =>

Provide the value within quotes to get the exact match.

Example

Show jobs that were executed on September 21 at 3:30:

assetJob.executionStartTime:"2022-09-21T13:30:00.000"

return.code.descriptionreturn.code.description

Fetch asset jobs that contain the specified return code description.

Example

Show asset jobs with the return code description Application Uninstalled

return.code.description: Application Uninstalled

You can see autocomplete suggestions for all relevant return code descriptions while typing the query. These suggestions are job-specific.

script.returnCodescript.returnCode

Use an integer value ##### to fetch asset jobs that contain the specified return code.

Example

Show asset jobs with the return code 2

script.returnCode: 2

script.namescript.name

Use quotes or backticks within values to find all results that have the specified word in the script name.

Examples

Show all results that contain parts of this script name

script.name:"O365unix"

Show all results that match exact value "unixrun"

script.name:`unixrun`

script.typescript.type

Use a text value ##### to find all results that have the specified script type (Powershell, Perl, Python, Shell, Lua).

Examples

Show results with this script type

script.type:Shell

script.categoryscript.category

Use a text value ##### to find all results that have the specified script category. Categories include DATA BACKUP, DATA COLLECTION, GENERAL AUTOMATION and so on.

Examples

Show results with this script category

script.category:GENERAL AUTOMATION

assetJob.statusassetJob.status

Use a text value ##### to find all results with the specified status of the asset job. Values include EXECUTION FAILED, EXECUTION FAILED, MANIFEST_ASSIGNED and so on.

Example

Show asset jobs with the status EXECUTION FAILED

assetJob.status: EXECUTION FAILED

script.languagescript.language

Use a text value ##### to filter asset jobs based on the scripting language.

Example

Show findings with this language

script.language: 'Python'

script.idscript.id

Use an integer value ##### to find asset jobs based on script ID.

Examples

Show all results with this script ID