Tanzu Platform SaaS

Graph database search query construction in Tanzu Platform

Last Updated February 19, 2025

You can create search queries of the graph database in Tanzu Platform to locate particular resources you can work with in Tanzu Platform.

Select one or more resource types by provider

Supported providers include:

  • AWS
  • Azure
  • Kubernetes

Property conditions

Your resource configurations are stored as properties and values of the resource object. For example, running EC2 instances have a property StateName with value running.

To locate resources with specific configurations, you can use the following property conditions.

ConditionSyntaxDescription
property with a valuepname = pvalueProperty with name pname has value equal to pvalue.
property different than a valuepname != pvalueProperty with name pname has value different than pvalue.
property existspn(pname) or propertyName(pname)There is a property with name pname.
property value existspv(pvalue) or propertyValue(pvalue)There is a property with value pvalue.

To apply the property conditions in your searches, use the following operators.

The operators are case-insensitive. The operator HAS and has might both be used.

OperatorUsage
HASApply one or more conditions to a resource type.
ANDGroup conditions when all of them must be satisfied.
ORGroup conditions when at least one of them must be satisfied.
NOTReverse a condition.
()Specify the order in which conditions are evaluated.
QueryDescription
Azure.Compute.VirtualMachine has PowerState = PowerState/runningRunning Azure VMs.
AWS.EC2.Instance has region = us-east-2 and pn(PublicIpAddress)EC2 Instances from region us-east-2 with Public IP address set.
region = us-east-2Any resources from region us-east-2.
AWS.EC2.Instance has (region = us-east-2 or region = us-east-1)EC2 Instances from region us-east-1 or us-east-2. Without parenthesis retrieve all resources from us-east-2.

Tag condition

The tags you configure in your cloud provider can be accessed with the tag prefix. For example, use tag.createdBy to access the tag with name createdBy.

To locate resources by tag, you specify the following tag conditions.

ConditionSyntaxDescription
tag with a valuetag.tagname = tagvalueTag with name tagname has value equal to tagvalue.
tag different than a valuetag.tagname != tagvalueTag with name tagname has value different than tagvalue.
tag existstag.tagnameThere is a tag with name tagname.
tag value existstag = tagvalueThere is a tag with value tagvalue.

Tag conditions are applied using the same operators as property conditions and can be mixed and matched with property conditions.

TagDescription
Azure.Compute.VirtualMachine has PowerState = PowerState/running and tag.createdBy = EngineeringRunning Azure VMs created by engineering.
AWS.EC2.Instance has region = us-east-2 and not tag.OwnerEC2 Instances from region us-east-2 without an owner tag.

Comparison operators with date and time functions

Comparison operators (<=, <, >, =>) are available for integer and date/time properties. In addition, some special date and time functions are available to construct dates easily.

SyntaxDescription
hoursAgo(n)Returns the time n hours earlier than now.
daysAgo(n)Returns the time n days earlier than now.
monthsAgo(n)Returns the time n months earlier than now.
yearsAgo(n)Returns the time n years earlier than now.
QueryDescription
AWS.EC2.Instance has CpuCoreCount >= 4EC2 Instances with 4 CPU cores or more.
AWS.IAM.AccessKey HAS AccessKeyLastUsedDate < 2021-01-01Access keys last used earlier than Jan 1st 2021.
AWS.IAM.AccessKey HAS AccessKeyLastUsedDate < monthsAgo(6)Access keys last used earlier than six months ago.

Wildcards

To find resource matching a pattern, use the wildcard operator * (asterisk) in your query to match any string. You can use the operator in property names, property values, tag names, and tag values.

If you must search for the asterisk symbol as a value in a query, surround the string in double quotes to avoid the symbol having any special meaning. If the string itself contains double quotes, escape them with a backslash.

Statement typeSyntaxDescription
begins withabc*Begins with “abc”
ends with*abcEnds with “abc”
begins and endsabc*xyzBegins with “abc” and ends with “xyz”
QueryDescription
AWS.EC2.Instance has PrivateIpAddress = 10.0.1.*EC2 Instances from the 10.0.1.x subnet.
AWS.IAM.PolicyStatement HAS Principal = {“Federated”:*}PolicyStatement with principal property starting with {“Federated”:
QueryDescription
AWS.IAM.PolicyStatement HAS Action = “*”Policy statement valid for all actions.
AWS.IAM.PolicyStatement HAS Principal = “{"AWS":"*"}”Policy statement with Principal equal to {“AWS”:“*”}.

Search for related resources

To find related resources use the relationship operator -> to search for relationships between two sets of resources. To locate resources that are not related, use the inverted relationship operator !->.

QueryDescription
AWS.EC2.Instance has region=us-east-1 -> AWS.EC2.Volume HAS Encrypted = falseEC2 Instances with unencrypted Volumes.
AWS.EC2.Volume !-> AWS.EC2.InstanceVolumes that are not attached to an EC2 instance.

Count search results

To count the results of a search, add count(pname) at the end of the search query. This type of aggregation is supported for queries that don’t include the relationship operator.

QueryDescription
AWS.EC2.Instance HAS StateName=Running and pn(PublicIpAddress) count(region)Running EC2 Instances with a public IP address by region.
Azure.Compute.VirtualMachine has PowerState = PowerState/running count(ResourceGroup)Running Azure VMs counted by resource group.
GCP.Compute.Instance HAS pn(ExternalIPAddresses) count(region)GCP Compute instances with external IP by region.

Double quotes syntax rules

The usage of double quotes around strings is optional in most cases. However, you must enter double quotes if the string contains special characters that might cause ambiguity during parsing.

QueryDescription
tag.Project = StardeckEquivalent to tag.Project = “Stardeck”. Double quotes are not required.
tag.Project = “Stardeck(1)”Double quotes are required because of the brackets. Otherwise the query is invalid.
tag.Description = “This is a description with spaces”Double quotes are required because of the spaces.
tag.Description = “This is a description with spaces and special characters !@#$%^&*()_+[]”Double quotes are required so that each of the special characters is interpreted literally.
tag.Description = “This is a description with spaces and "quotes"”Double quotes are required and the quotes must be escaped with a backslash.