New addition to our Search Language - IN keyword

We wanted to give you a simple and easy way, that you can search through your log list.

A use case in life would be searching through your Firewall logs.

Original query:

    where(connection_status=/accept/i AND direction!=/outbound/i AND
source_address!=/10\..*|127\..*|172\.(1[6-9]|2[0-9]|3[01])\..*|192\.168\..*/ AND
destination_port=/3389|5938|5900/)  groupby(geoip_country_name) limit(1000)

A new equivalent query with the list will:

  • Simply enumerate your private IP addresses and ports
  • No need to use regex for sub-net checking
  • Operates with IP addresses and numeric ports rather than strings
  • No need of specifying keys each time

where(connection_status=/accept/i AND direction!=/outbound/i AND source_address NOT IN [IP(, IP(, IP(172, 16.0.0/16), IP(] AND destination_port IN [3389, 5938, 5900]) groupby(geoip_country_name) limit(1000)

Let us know what do you think :slight_smile:



Not only does the IN command help clean up your query, it also makes any future changes to those values much easier as you just need to either change, remove, or add a new value within the []. Definitely a huge improvement.


I see a lot of potential with this one. Thanks for adding it!


It makes me really happy when I see that the provider of a service improves it and makes it more intuitive to use. Keep up the good work.


Very cool addition. Thanks for adding it! Makes advanced queries much more “human readable” :slight_smile: