SkopeIT query bar: How find a query field name


Badge +12

The SkopeIT query bar is powerful tool to show filtered data. Sometimes it is a bit challenging to find the name of a field to be used in a query. E.g. we recently introduced a new SkopeIT field called "Netskope Pop". This field tells you, where the traffic was enforced. The get field name for a query just mouse over the field in the detailed event view (see screenshot). Then you can use it in a query like this: "netskope_pop like FRA1".


2 replies

Badge +2

Good Info Jürgen! I'd like to add, that DC names have the country code prepended: DE-FRA1, CH-ZRH1, FR-PAR1 etc. One can therefore also filter on countries. And the DC codes have just been added to the KB: https://support.netskope.com/hc/en-us/articles/360035977513-NewEdge-Point-of-Presence-Data-Plane-and-Management-Plane-Global-Edge-Expansion-Status-and-IP-Ranges 

Badge +13

A good starting point is the article on SkopeIT query language. From there, one may continue to examples, etc.

Reply