Learn more about Nested Queries
Best Practices
Use nested queries when multiple tokens share a common key. Nested queries allow you to group related conditions under the same key to ensure that all criteria are evaluated together.
For example, in the query below, both tokens have a shared key (asset), so they are enclosed within a single nested query:
asset:(assetID:43954857 AND cpuCount:2)
This ensures that the system searches for the asset that has both the specified assetID and cpuCount values.
Query Examples
Consider the intent of your query. Here are some examples.
Example Query 1:
asset:(agentID:123456789 AND lastLoggedOnUser:jrbilles)
This query looks for findings where both the agent ID and the last logged-on user match for the same asset.
Result: A finding is returned only if both criteria are true for the same asset.
Example Query 2:
asset.agentID:123456789 AND lastLoggedOnUser:jrbilles
This query looks for findings with the given agent ID or the given last logged-on user. The conditions are not grouped under the same key, so each is checked separately.
Result: Returns findings that match either one or both conditions.
When the conditions are not grouped under the same key, each one works separately. This means your search results might include more items than you expect.
Example Query 3:
software:(name:DataRobot AND version:2.0)
This query looks for assets that have software with both the specified name and version.
Result: A single asset is returned only if both software attributes match.
Example Query 4:
software:(name:DataRobot) AND software:(version:1.0)
This query looks for assets that have the software name and assets that have the software version. Each condition is checked as its own criterion.
Result: All assets that have the given software name, as well as all assets that have the given software version, are returned.
Example Query 5:
software:(name:DataRobot OR version:1.0)
This query looks for assets that have either the software name or the software version.
Result: Returns all assets that match at least one of the conditions.
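The grouping behavior described above can be modeled offline. The following is an added example, not the product's query engine or code from this documentation: it evaluates a nested query against a constructed inventory so that a grouped AND must hold for a single software entry. The names ASSETS, parse_nested, match_nested and search are hypothetical, the inventory is constructed sample data, and the sketch assumes an asset can hold several software entries; it does not model how separate top-level conditions are combined.

```python
import re

# Constructed sample inventory (not real data); each asset holds a list of
# software entries, which is an assumption of this sketch.
ASSETS = [
    {"id": "A1", "software": [{"name": "DataRobot", "version": "2.0"}]},
    {"id": "A2", "software": [{"name": "DataRobot", "version": "1.0"},
                              {"name": "OtherTool", "version": "2.0"}]},
    {"id": "A3", "software": [{"name": "OtherTool", "version": "1.0"}]},
]

NESTED = re.compile(r"^(\w+):\((.+)\)$")


def parse_nested(query):
    """Parse key:(f1:v1 AND|OR f2:v2) into (key, operator, [(field, value)])."""
    m = NESTED.match(query.strip())
    if not m:
        raise ValueError("not a nested query: %r" % query)
    key, body = m.groups()
    has_and, has_or = " AND " in body, " OR " in body
    if has_and and has_or:
        raise ValueError("mixed AND/OR is outside this sketch")
    op = "OR" if has_or else "AND"
    terms = [tuple(t.strip().split(":", 1)) for t in body.split(" %s " % op)]
    return key, op, terms


def match_nested(asset, query):
    """True if one single entry under the key satisfies the grouped conditions."""
    key, op, terms = parse_nested(query)
    combine = all if op == "AND" else any
    return any(combine(entry.get(f) == v for f, v in terms)
               for entry in asset.get(key, []))


def search(query):
    """Return the ids of the constructed assets that match the nested query."""
    return [a["id"] for a in ASSETS if match_nested(a, query)]


if __name__ == "__main__":
    for q in ("software:(name:DataRobot AND version:2.0)",
              "software:(name:DataRobot)",
              "software:(version:2.0)",
              "software:(name:DataRobot OR version:1.0)"):
        print(q, "->", search(q))
```

Asset A2 satisfies each single condition on its own, because the name and the version sit on different software entries, but it is excluded by the grouped AND query.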