FSQL Technical Reference

This documentation provides a comprehensive reference for FSQL (Federated Search Query Language). The materials cover Query's search capabilities and data model, explaining how all data is viewed through an OCSF lens and represented as standardized events. The documentation describes how users can build search requests by selecting events and attributes, applying filters, and specifying time ranges to optimize query performance.

A significant portion of the documentation focuses on attribute selectors, the unique syntax for describing fields in FSQL. Detailed sections explain path expressions, expansions, modifiers, filters, transformers, and set operations with numerous examples. The documentation also covers search filter operators with a comprehensive table showing which operators are compatible with different data types, and explains how dates and times can be expressed in FSQL using relative dates, ISO 8601 format, or epoch timestamps.

The reference concludes with information about FSQL's EXPLAIN commands, which help users understand the system's capabilities. These include commands to retrieve version information, test attribute selectors, describe the schema for selected attributes, list available connectors, and translate FSQL queries into GraphQL requests. Throughout the documentation, practical examples demonstrate how to use each feature, making this reference a valuable resource for anyone working with FSQL.