VMware Aria Operations for Networks 6.14

6.14 6.13 6.12 6.11 6.10
简体中文 Deutsch Español Français 日本語 한국어 繁體中文 English

Search Queries

The search queries runs searches across your entire deployment and enables you to find all types of entities based on the specified search term. Additionally,
VMware Aria Operations for Networks
 provides suggestions to build the queries, which includes saved searches and recent searches that match the typed text in the global search bar.
Search queries can be divided into following categories:
  1. Structured Queries
    A structured query consists of the following components:
    A structured query consists of components such as projection, entity type, filter, group by and order by.
    • Entity Type
      : An entity type represents the type of object that we want to search. And it can be either in a singular form or in a plural form. The entity type is mandatory in a structured query.
      An entity type can be a VM, host, security group, VLAN, VXLAN, router, flow, problem, event, and so on.
      Here are some examples:
      1. Virtual machines
      2. Hosts
      3. Flows
      4. MTU Mismatch Alerts
      5. Problems
    • Filters
      : The syntax for filter is as follows:
      A filter must have the where clause followed by the condition.
      The syntax for condition is as follows:
      The syntax of a condition includes a property, an operator such as equal to, greater than, in, is set, and so on, and a value.
      A filter clause can be used to filter search results. The condition in a filter clause consists of property, comparison operator, and value. The conditions can be combined with logical operators to form complex conditions. Here is a list of the operators that you can use:
      Operator
      Examples
      =
      flows where source ip address = '10.16.240.0/24'
      flows where flow type = 'Source is VM'
      !=
      vms where ip address != '10.17.0.0/16'
      >
      vms where memory > 4096 mb
      <
      vms where cpu usage rate < 70%
      >=
      vms where memory >= 4096 mb
      <=
      vms where cpu usage rate <= 70%
      like
      vms where name like 'app'
      not like
      vms where name not like 'app'
      in
      flows where port in (22, 23, 80, 443)
      vm where ip address in (192.168.91.11, 192.168.91.10)
      not in
      flows where port not in (22, 23, 80, 443)
      vm where ip address not in (192.168.91.11, 192.168.91.10)
      is set
      vms where firewall rule is set
      is not set
      vms where firewall rule is not set
      ()
      flows where (src tier = ‘App’ and destination tier = ‘DB’) OR (destination tier = ‘App’ and source tier = ‘DB’)
      and
      flows where src tier = 'App' and destinationtier = 'DB'
      or
      flows where flow type = 'Source is VMKNIC' or flow type = 'Destination is VMKNIC'
      matches
      vm where name matches '.*'
      vm where name matches 'a.*'
      vm where name matches '[a-z]vm-delta[0-9]'
      not matches
      vm where name not matches '.*'
      vm where name not matches 'a.*'
      vm where name not matches '[a-z]vm-delta[0-9]'
      nested 'in' operator
      vm where in (vm where name = 'x')
      vm where in (vm of host where name = 'x')
      vm where host in (host of vm where name = 'x')
      vm where name in (name of vm where name = 'x')
      Projections
      : A projection clause in a query decides what fields must be displayed from the filtered entities. This is an optional clause. If the projection clause is not specified, then the default set of fields is shown in the search results. A projection clause can contain any one of the following items:
      1. Property
      2. Count
      3. List
      4. Aggregation
      5. Series
      "" (null text)
      1. Property
        : When entities are searched by an entity type, default set of properties are shown in the search results. Using projections, we can select the fields that should appear in the search results. For example,
        os of vms
         lists all virtual machines with
        OS property
         in the search results.
        Here are some more examples:
        • cpu cores of vms
        • source ip address of flows
        If a metric property is used, a graph is displayed for each entity with the metric property as
        y-axis
         and time as
        x-axis
        .
      2. Count
        : The count query can be used to compute the number of objects of an entity type. Here are some examples:
        • count of vms
        • count of hosts
        • count of flows
      3. List
        : A list operator is helpful if the filter condition cannot be applied on the entity that you fetch.
        For example:
        List(host) of vms where memory <= 2gb
        This query fetches list of hosts, whereas the filter condition is applied on virtual machines. For example,
        List(ip address)of vms where cpu cores = 1
        Aggregate functions
        : An aggregate function allows you to calculate a single value from a numerical
        config
         or
        metric
         property. The search query language supports the following aggregate functions:
        • max
        • sum
        • min
        • avg
        Here are some examples:
        • sum(memory) of hosts
        • sum(memory), sum(cpu cores) of vms
        • sum(bytes) of flows
      4. Series
        : A series operator is used to perform aggregation on the metric properties. For example:
        series(avg(cpu usage)) of vms where cpu cores = 4
        This query displays graph containing average cpu usage of all virtual machines with 4 cpu cores. Here are some examples:
        • series(sum(network usage)) of vms where name like 'app'
        • series(sum(memory usage)) of vms where name like 'db'
        • series(avg(cpu usage)), series(avg(memory usage)) of vms
    • Ordering
      : The search results can be sorted using
      order by
       clause. Only one field is allowed in
      order by
       clause. Results are sorted in descending order by default.
      "" (null text)
      Here are some examples:
      1. vms order by cpu cores
      2. vms order by cpu cores asc
      3. flows order by bytes
      The
      limit
       clause can be used to limit the number of results. This must be preceded by the
      order by
       clause. For example:
      vms order by memory limit 5
    • Grouping
      : The entities can be grouped by a property. When entities are grouped by a property, by default, the number of results in each group are shown. By adding a projection, sum/max/min of any property can be computed . Adding
      order by
       clause sorts the results. If
      order by
       or
      projection
       clause is present in a query, then the aggregation function must be present.
      "" (null text)
      sum(bytes) of flows group by dest vm
      This query is valid as the query has aggregation function in the projection clause. A query such as
      bytes of flows group by dest vm
       is invalid as there is no aggregation function in the projection clause.
      Here are some examples:
      1. vms group by host
      2. sum (bytes) of flows group by dest vm order by sum(bytes)
  2. Entity Queries
    "" (null text)
    Search by entity type
    : All entities of an entity type can be listed by searching the entity type.
    Examples:
    vms
     ,
    hosts
    ,
    flows
    ,
    nsx managers
    1. Search by entity name
      • Search by full name: If the full name of an entity is known, it can be searched by enclosing the name in single quotes.
        Examples:
        'prod-68-1'
        ,
        'app1-72-1'
      • Search by partial name: Search by a single word or multiple words fetches all the entities matching the input words.
        Examples:
        prod
        ,
        app1
        If input contains keywords or entity types, then it may be processed as a search query.
      • Search by entity type and name: If both the name and the type of an entity are known, it can be searched by querying entity type and entity name together.
        Example: The search query
        'vm app1'
         returns all VMs containing
        app1
        .
  3. Planning Queries
    These queries can be used to plan the security of the data center by analyzing flows.
    "" (null text)
    Examples:
    1. plan securitygroup1
    2. plan host1
    3. plan security
  4. Path Queries
    These queries can be used to show the path between two VMs or the path from VM to Internet.
    "" (null text)
    Examples:
    1. Vm 'vm1' to Vm 'vm2'
    2. VM 'vm1' to Internet
  • The search queries are not case-sensitive.
  • The entity types or the configuration properties can have synonyms. For example, entity type
    'virtual machine'
     has synonym
    'vm'
    .

Content feedback and comments