Learn about important information to review before getting started with XQL queries.
Before you begin running XQL queries, consider the following information:
Use the interface to help you build queries
Cortex XSIAM offers features in the XQL search interface to help you build queries. For more information see
Mitigate long running queries
Querying the XDM enables searching of Cortex XSIAM's extensive data. We recommend that you use filters to streamline your queries. For more information, see .
Understand query defaults and limitations
Before you run a query, review this list to better understand query behavior and results. For more information, see .
Translate Splunk queries to XQL
If you have existing Splunk queries, you can translate them to XQL. For more information, see .
Tip
If you are new to creating queries, you can also try our simple search templates, which can help you understand how queries work. See Query Builder templates.