Learn about important information to review before getting started with XQL queries.
Before you begin running XQL queries, consider the following information:
Use the interface to help you build queries
Cortex XSIAM offers features in the XQL search interface to help you build queries. For more information, see Useful XQL user interface features.
Mitigate long-running queries
Querying the XDM enables searching of Cortex XSIAM's extensive data. We recommend that you use filters to streamline your queries. For more information, see XQL Query best practices.
Understand query defaults and limitations
Before you run a query, review this list to better understand query behavior and results. For more information, see Expected results when querying fields.
Translate Splunk queries to XQL
If you have existing Splunk queries, you can translate them to XQL. For more information, see Translate to XQL.
Tip
If you are new to creating queries, you can also try our simple search templates, which can help you understand how queries work. See Query Builder templates.