Queries
The Queries tab is the primary tool for investigating audit data. You can search from a library of pre-built queries, configure parameters, run queries, and export the results.
Selecting a Query
When no query is active, the query selector is displayed:
- Use the search bar to find queries by name.
- Use the filter section to narrow by category. You can filter by:
- Favorites to show only queries you have starred
- Category tags organized by Object, Severity, Type, and Result
- Toggle between "Any overall" and "Any in category" filter modes
- Click a query to select it.
The query list displays:
| Column | Description |
|---|---|
| Favorite | Click the heart icon to mark or unmark a query as a favorite |
| Name | The query name |
| Last Run | When the query was last executed |
| Tags | Category tags displayed as chips |
Double-click a category tag to select it exclusively, deselecting all other filters.
Configuring Parameters
After selecting a query, the Parameters tab shows:
- Query name (editable for your reference)
- Query description explaining what the query returns
- Parameter inputs that vary by query type:
| Parameter Type | Input |
|---|---|
| String | Text field |
| Number | Numeric field |
| Date / End Date | Date picker |
| Success | Radio buttons for Success, Error, or Both |
| User, Team, Project, etc. | Autocomplete search showing name and email or ID |
Fill in the required parameters and click the Run button to execute the query.
Viewing Results
Query results appear as a data table with:
- Dynamic columns based on the query's return types
- Sortable headers (click a column header to sort)
- Checkbox selection for selecting specific rows
- Search bar to filter results
Column Statistics
Hover over a column header to see aggregate statistics:
- Number of distinct values
- Total, Min, Max
- Mean, Median, Standard Deviation
- Statistics adapt to the column data type (numbers, bytes, dates, etc.)
Data Type Rendering
Results display data with type-specific formatting:
| Type | Display |
|---|---|
| Number | Formatted with commas |
| Bytes | Human-readable file sizes (KB, MB, GB) |
| Date / Time | Formatted date strings |
| IDs (User, Team, File, etc.) | Clickable links with icon and name |
| Success | Check icon for success, X icon for error |
| JSON | Code icon with expandable viewer |
| Signature | Fingerprint icon with copy-to-clipboard |
| Large Text | Truncated with tooltip on hover |
Inspecting Objects
When a result contains an ID column (UserID, TeamID, FileID, etc.), click the link to load the object in the Objects tab. The object viewer shows type-specific details:
- User: Name, email, role, ID, created date, permissions
- Team: Name, description, owner, creation date, members
- File: Name, MIME type, size, ID, created date
- Drive: Name, team, project, capacity, format
- IP Address: Location, city, country, coordinates, accuracy radius
- VM, Directory, Group, Form, Requirement: Type-specific metadata
Use the arrow buttons to navigate between previously viewed objects.
Charts
If the selected query supports chart visualization, the Charts tab displays the results graphically. Supported chart types include line, bar, pie, and geographic map charts.
You can also chart results using the Chart button, which offers:
- Chart all data
- Chart selected data
Exporting Results
Click the Export button to download data. Options include:
- Export all data exports every row
- Export selected data exports only checked rows
- Export visible data exports only the currently filtered view
Results are exported to Excel with formatting and column statistics.