The NQL editor is the feature offering a web-based user interface allowing you to write and execute investigations using the Nexthink Query Language (NQL). The embedded syntax editor allows for adjusting of existing queries or creating new ones from scratch. The results help you to investigate issues and problems faced by the employees of your organization.
Accessing the NQL editor
Select Investigations from the main menu.
Click on an existing investigation in the navigation panel or on a New button to start building your NQL query. The Visual editor tab opens by default.
Switch to the NQL editor tab and start writing your NQL query.
Saving an investigation
Click on the Save as button at the top-right corner of the page to save the investigation. Your saved investigations appear on the Manage Investigations page as well as in the navigation panel for the module.
If you are editing an existing investigations, you can:
Click on Save to save the changes.
Click on Save as to save it under a different name.
Investigations page action menu
Click on the action menu at the top right of the page to:
Share: Share an investigation with groups of users based on their user profile and collaborate with them on an investigation. Grant permissions to other users to view or edit the investigation. Refer to the Sharing an investigation section of the Manage Investigations documentation for more information.
Copy link: Copy the link to the investigation and share it with other users of Nexthink. Copy link shares the query text in the URL and is always a new investigation for the user you are sending the link to.
Export results: The Nexthink platform creates a copy of the data returned by the investigation and stores it in a CSV file. By default, Investigations limits the maximum number of query results to 10,000 rows on the web page. The export to CSV feature returns up to 1,000,000 rows.
Rename: Change the name of an existing investigation.
Delete: Remove an existing investigation from the system.
Investigate option in the action bar
The Investigate option in the action bar provides multiple opportunities to narrow down your search by getting items relevant to the investigation results. Investigate works within the context of the query, enforcing the time frame and the conditions of the original investigation. The action bar automatically appears at the bottom of the screen after a query is executed.
Follow these steps to Investigate:
Write an NQL query and press the Run button to show the results of the query.
Select the items that you wish to investigate by selecting the corresponding checkboxes. Once the first item is selected the action bar appears indicating the number of selected entries along with the Investigate button.
Click on the Investigate button.
Select the type of investigation you wish to perform from the pop-up menu.
There are four levels of data privacy defined in the account profile that specify access rights and are relevant to data visibility in the Investigations dashboard.
anonymous users, devices, destinations and domains: users with this profile cannot view the names of users, devices, destinations or domains.
anonymous users and devices: users with this profile cannot view the names of users or devices.
anonymous users: users with this profile cannot see the names of users.
none (full access): users with this profile have full access to the collected data.
Refer to the Profiles documentation for more information about the privacy settings.
When a certain anonymization level is applied to the user profile, it will affect how information in the Investigations dashboard is displayed, for example, the system displays Username and Email address columns as hidden.