Filtering
When using the Filter parameter with FQL statements, note that available FQL filters and their syntax will vary between APIs and are not determined by PSFalcon. Filter values may be case-sensitive. Each FQL statement can contain a maximum of 20 properties.
For the full FQL reference, see Falcon Query Language.
Comparison Operators
Section titled “Comparison Operators”| Operator | Meaning |
|---|---|
| (none) | Equal to |
! | Not equal to |
< | Occurred before |
> | Occurred after |
* | Partial match |
~ | Case insensitive |
Examples
Section titled “Examples”Basic filter
Section titled “Basic filter”Get-FalconHost -Filter "platform_name:'Windows'" -Limit 10Combining filters
Section titled “Combining filters”Use + for AND logic and , for OR logic:
Get-FalconHost -Filter "platform_name:'Windows'+hostname:*'server*'" -Limit 10Multiple values
Section titled “Multiple values”Filter on multiple values for a single property using square brackets:
Get-FalconHost -Filter "platform_name:['Windows','Linux']" -Limit 10Timestamp handling
Section titled “Timestamp handling”Timestamps typically use ISO 8601 format (YYYY-MM-DDTHH:mm:ssZ). PSFalcon accepts various partial date/time combinations and automatically converts phrases like last <int> days to UTC timestamps.
Get-FalconHost -Filter "last_seen:>'2024-01-01T00:00:00Z'" -Limit 10Page Updated: v2.2