How to Search Using RAW EQL

Tetra Data Platform (TDP) Versions

  • For TDP versions >= 3.2, please continue with this page.
  • For TDP versions < 3.2, please review this page.

This page describes how to search using RAW files on the Tetra Data Platform (TDP). For details about using Search in the Tetra Web API, click here.

You can run a RAW EQL query to test your searches before you use them in a third-party tool.
To run a RAW EQL query, you can:

  • Use the Label & Advanced Filters menu from the Search panel
  • Enter the EQL directly in the Search bar

Run a RAW EQL Query Using the Label & Advanced Filters Menu

To search using the RAW file option:

  1. From the Search panel, click Label & Advanced Filters.
  2. From the Label & Advanced Filters window, select Raw EQL. The searchEql endpoint request displays (for example: POST https://api.tetrascience-dev.com/v1/datalake/searchEql).

Figure: Raw EQL

  3. You can modify the query, if necessary. To run the EQL query without validating the data, click No validation.
  4. Click Run EQL to run the query and view its results. To expand the view, click Full screen.

Enter a Query in the Search Bar

You can enter your query directly in the Search bar:

Figure: EQL in Search bar

The Search bar uses Elasticsearch's query_string query.
To find the field you want to search for:

  1. Select a file from the Files list on the Search page.
  2. Click the Open File Page icon on the right side of the page.
  3. Click Preview at the top of the File Details page. The Preview Elasticsearch Document displays in JSON format. For example, if a field displays as: { data: { sample: { id: "fake-id1" } } }, then enter data.sample.id:"fake-id1", including the quotes, in the Search bar.
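
The mapping in step 3, generalized to every field of a Preview document, as an added example (not TetraScience code). The sample document and all function names are constructed for illustration, and the code assumes fields use Elasticsearch's default object mapping rather than the nested type.

```python
import json

# Constructed sample document, modelled on the Preview example in step 3.
SAMPLE_DOC = {
    "data": {
        "sample": {"id": "fake-id1", "name": 'lot "A" 7', "archived": False},
        "runs": [{"status": "ok"}, {"status": "failed"}],
    }
}


def flatten(node, prefix=""):
    """Yield (dotted_path, scalar) for every non-null leaf of a JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        # Assumption: default object mapping, so array items share one path.
        for item in node:
            yield from flatten(item, prefix)
    elif node is not None:
        yield prefix, node


def quote_phrase(value):
    """Render a scalar as a quoted query_string phrase."""
    # Strings are used verbatim; booleans and numbers take their JSON spelling.
    text = value if isinstance(value, str) else json.dumps(value)
    # Inside a quoted phrase, backslash and double quote must be escaped so
    # the value cannot close the phrase and be parsed as query operators.
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def clause(path, value):
    """Build one field:"value" expression for the Search bar."""
    return f"{path}:{quote_phrase(value)}"


def search_bar_clauses(doc):
    """List every field:"value" expression the document can be found by."""
    return [clause(path, value) for path, value in flatten(doc)]


if __name__ == "__main__":
    for expression in search_bar_clauses(SAMPLE_DOC):
        print(expression)
```

Escaping the value before quoting it matters when the value comes from user input or another system, because an unescaped double quote would end the phrase early and change what the query matches.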