# NQL Quick Reference Guide
| | Field/Operator | Description | Example |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **General Format** | | `field operator value` | `dstport < 1024` |
| **Boolean Operators** | `&& AND` | Logical AND | `condition1 AND condition2` |
| | `\|\| OR` | Logical OR | `condition1 OR condition2` |
| | `!` | Logical NOT | `!(condition)` |
| **Comparison Operators** | ==
!=
<
<=
>
>=
| Equals
Not Equals
Less than
Less than or equals to
Greater than
Greater than or equals to
| field == value
field != value
field <= value
field > value
field >= value
|
| **Spacing & Parentheses** | | Operators must have spaces before and after | `field == value` |
| | `()` | Use parentheses for grouping | `condition1 OR (condition2 AND condition3)` |
| | | Logic must be clear | Valid: A OR (B AND C)
Not valid: A OR B AND C
|
| **CIDR Notation** | `/24` | IP fields can use CIDR notation | `10.0.0.0/24` |
| **Pattern Matching** | | Wildcards, Regex, Fuzzy | |
| | =
!
| Match pattern
Match NOT pattern
| |
| Supported Fields | Flow | `dstiprep.categories srciprep.categories tags` | |
| | DNS | `answers.rdata query.domain query.host query.name query.publicsuffix` | |
| | Events | `ipinfo.iprep.categories summary tags` | |
| | Audit | `description` | |
| **Wildcards** | `=~ *pattern` | Matches zero or more characters | `query.name =~ *at` |
| | `!~ *pattern` | Negative match for zero or more characters | `query.name !~ *at` |
| | `=~ ?pattern` | Matches any single character | `query.name =~ ?at` |
| | `!~ ?pattern` | Negative match for any single character | `query.name !~ ?at` |
| **Regular Expressions (Regex)** | `=~ /pattern/` | Matches using regex pattern | `query.name =~ /pattern/` |
| | `!~ /pattern/` | Negative match using regex pattern | `query.name !~ /pattern/` |
| **Regex: Text Boundary Anchors** | `^` | Beginning of a line or string: Matches the start of a string | `^cat` matches "cat" at the beginning of a string |
| | `$` | End of a line or string: Matches the end of a string | `cat$` matches "cat" at the end of a string |
| **Regex: Choice and Grouping** | `xy` | Matches "xy" | `abc` matches "abc" |
| | `x OR y` | Matches "x" or "y" | `ax OR ye` matches "axe" or "aye"\` |
| | `abc(def)?` | Grouping | `abc(def)?` matches 'abc' and 'abcdef' |
| **Regex: Repetition** | `x*` | Zero or more occurrences of "x" | `a*` matches "", "a", "aa" |
| | `x+` | One or more occurrences of "x" | `a+` matches "a", "aa" |
| | `x?` | Zero or one occurrence of "x" | `a?` matches "" or "a" |
| | `x{n,m}` | Between n and m occurrences of "x" | `a{2,4}` matches "aa", "aaa", "aaaa" |
| | `x{n,}` | n or more occurrences of "x" | `a{2,}` matches "aa", "aaa" |
| | `x{n}` | Exactly n occurrences of "x" | `a{3}` matches "aaa" |
| **Regex: Character Classes** | `.` | Matches any single character | `c.t` matches "cat" and "cot" |
| | `[abc]` | Matches any single character in the set | `[aeiou]` matches any vowel |
| | `[^abc]` | Matches any single character not in the set | `[^aeiou]` matches consonants |
| | `[a-z]` | Matches any single character in the range | `[a-z]` matches any lowercase letter |
| **Regex: Numeric Ranges** | <0-10>
<00-010>
| Matches a numeric range
Matches a numeric range with leading 0s
| `<0-10>` matches any number from 0 to 10 |
| **Regex: Case Insensitive** | `/pattern/i` | Matches the pattern without regard to case | `/neto/i` matches "neto","NETO",etc. |
| **Regex: Special Characters** | `\` | Escapes special characters to be treated as literals | `\.` matches a literal period |
| **Regex: Reserved Characters** | | `. ? + * OR { } [ ] ( ) " \\` | |
| **Fuzzy Matching** | `=~ term~` | Matches using fuzzy logic | `query.name =~ cat~` |
| | `!~ term~` | Negative fuzzy match | `query.name !~ cat~` |
| | `=~ term~2` | Matches terms with a maximum distance of 2 changes | `query.name =~ cat~2` |
| | `!~ term~2` | Negative match with a maximum distance of 2 changes | `query.name !~ cat~2` |
See [Using NQL](/netography-query-language/nql-overview-and-basics.md) for more detailed information.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.fusion.vectra.ai/netography-query-language/nql-quick.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.