Adding comments in queries - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-11-07
Category
Administrator Guide
Abstract

Learn more about adding comments in Cortex Query Language queries.

You can add comments in any section when building a query in Cortex Query Language (XQL).

  • Comments are added on a single line using the following syntax.

     //<comments>

    For example,

    dataset = xdr_data
    | filter event_type=1
    //ENUM.process
    and event_sub_type = 1
    //ENUM.execution
  • To write a comment that extends over multiple lines use the following syntax.

    /*multi-line <comments> */

    For example,

    dataset = xdr_data 
    | filter 
    /*multi-line Adding comments is a great thing.
    Here is an example */ 
    event_type=1