NQL editor
The NQL editor is a web-based user interface for writing and executing investigations using the Nexthink Query Language (NQL).
The embedded syntax editor lets you adjust existing queries or create new ones from scratch. The results help you investigate issues and problems faced by the employees of your organization.
Select Investigations from the main menu to create a new investigation or edit an existing one.
The Visual editor tab opens by default.
Switch to the NQL editor tab and start writing your NQL query.
Running NQL queries to investigate connection.events enables the Network tab. Refer to the Network view documentation to learn how to troubleshoot network-related issues using the network view visualization.
If needed, refer to the NQL data model documentation.
Hover over a specific cell value in the investigation results table to open the action menu, which contains different options depending on the field:
Drill down to … opens an Investigation page with the NQL query listing the results specific to the row of the selected cell value under the field column of interest. See the image below.
The Drill down to... option is available for field metric values.
Copy value or Copy raw value. Remember, the system shortens large numbers with appropriate suffixes. Hover over a metric to see the raw number.
Use the contextual action menu only for inventory objects—users, devices and binaries—to:
Open binary profiling, Open user overview or Open device view, depending on the case.
Diagnose for diagnostics dashboards.
Retrieve all pre-filled investigation queries in the inventory-object context.
Additionally, when you select entire rows by ticking the checkboxes on the left of the table, the system displays an action bar at the bottom of the Nexthink web interface.
Depending on the selected cell item, the action bar includes the action menu options listed above, plus the possibility to Execute action, Edit or Launch campaigns.
Click on the Save as button in the top-right corner of the Investigations page to save an investigation.
Saved investigations appear on the Manage Investigations page and in the navigation panel for the Investigations module.
If you are editing an existing investigation, you can:
Click Save to save the changes.
Click Save as to save the investigation under a different name.
Click on the action menu in the top-right corner of the Investigations page to:
Share an investigation with groups of users based on their user role, and collaborate with them on an investigation. Grant permissions to other users to view or edit the investigation. Refer to the Sharing an investigation section of the Manage Investigations documentation for more information.
Copy link to an investigation and share it with other Nexthink users. Copy link shares the query text in the URL and is always treated as a new investigation for the user you send the link to.
Export results of the data returned by the investigation in a CSV file.
By default, the Visual editor limits the maximum number of query results to 10,000 rows on the webpage. The export to CSV feature returns up to 1,000,000 rows.
Ticking the Formatted data checkbox in the Export results in the CSV pop-up lets you format Raw data. See the table below for more details.
Rename or Delete an existing investigation using the same action menu from the Investigations page.
This table displays the differences between exporting Raw data and Formatted data for most data types.
| Data type/format | Raw data | Formatted data |
| --- | --- | --- |
| bool/bool | 0 / 1 | No / Yes |
| bytes/bytes | 5109928912799 | 4.65 TB |
| jsontype[]/device/antivirus | | Cortex XDR™ Advanced Endpoint Protection; Microsoft Defender Antivirus |
| jsontype[]/device/cpu | | Apple M1 Pro |
| jsontype[]/device/disk | | APPLE SSD AP1024R |
| jsontype[]/device/firewall | | Windows Firewall |
| jsontype[]/device/gpu | | NVIDIA Quadro P520; Intel UHD Graphics |
| jsontype[]/device/local_admin | | Kanopy@KAN-HDKTYD3; localadmin@KAN-HDKTYD3 |
| jsontype[]/device/monitor | | DELL; Wide viewing angle & High density FlexView Display 1920x1080 |
| jsontype[]/device/volume | | disk0s1; disk0s2; disk0s3 |
| numeric/duration | 900 | 15min |
| numeric/float | 4997.0634765625 | 5k |
| numeric/long | 4111 | 4111 |
| numeric/integer | 3462 | 3.46k |
| numeric/numeric | 65287 | 65287 |
| string/bytes | xdt7cS8oDDrk9zGtfV6hcQ== | xdt7cS8oDDrk9zGtfV6hcQ== |
| string/datetime | 2024-02-23 17:45:00 | 23/02/2024 17:45:00 |
| string/ipAddress | 192.168.1.23 | 192.168.1.23 |
| string/ipAddressArray | ::ffff:62.2.17.60,::ffff:62.2.24.162 | ::ffff:62.2.17.60::ffff:62.2.24.162 |
| string/jsonArrayString | | Appinfo, NaturalAuthentication, TokenBroker, UserManager, XblGameSave, shpamsvc |
| string/string | NXT-FVFWW2RZHV2H | NXT-FVFWW2RZHV2H |
| string/uuid | a8572a66-e312-4bda-9515-9b9666555aa4 | a8572a66-e312-4bda-9515-9b9666555aa4 |
| string/version | [10,0,22000,653] | 10.0.22000.653 |
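When an export feeds detection or reporting tooling, the Raw representations in the table above are the ones to parse, because they keep full precision and have a fixed shape. The following is an added example, not Nexthink code: it loads a Raw-data CSV export into typed Python values. The column names and the sample row are constructed for illustration, the cell values are the raw examples from the table, and the duration unit is assumed to be seconds.

```python
import csv, io, ipaddress, json
from datetime import datetime, timedelta

# Constructed sample of a Raw-data export; column names are hypothetical,
# cell values are the raw examples from the table above.
SAMPLE = (
    "name,is_compliant,disk_bytes,uptime,last_seen,os_version,dest_ips\n"
    'NXT-FVFWW2RZHV2H,1,5109928912799,900,2024-02-23 17:45:00,'
    '"[10,0,22000,653]","::ffff:62.2.17.60,::ffff:62.2.24.162"\n'
)

def parse_ip_array(cell):
    """Split an ipAddressArray cell and unwrap IPv4-mapped IPv6 addresses,
    so they compare equal to plain IPv4 entries in allowlists or IoC sets."""
    out = []
    for item in filter(None, (p.strip() for p in cell.split(","))):
        ip = ipaddress.ip_address(item)  # raises ValueError on malformed input
        mapped = getattr(ip, "ipv4_mapped", None)
        out.append(mapped if mapped is not None else ip)
    return out

def parse_bool(cell):
    """Raw bools are exported as 0 or 1; reject anything else."""
    if cell not in ("0", "1"):
        raise ValueError(f"not a raw bool: {cell!r}")
    return cell == "1"

# Column -> parser. Duration is assumed to be seconds (900 is shown as 15min).
PARSERS = {
    "is_compliant": parse_bool,
    "disk_bytes": int,
    "uptime": lambda c: timedelta(seconds=int(c)),
    "last_seen": lambda c: datetime.strptime(c, "%Y-%m-%d %H:%M:%S"),
    "os_version": lambda c: tuple(json.loads(c)),  # tuples compare per component
    "dest_ips": parse_ip_array,
}

def load_raw_export(text):
    """Return rows with typed values; columns without a parser stay strings."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({k: PARSERS.get(k, str)(v) for k, v in row.items()})
    return rows

if __name__ == "__main__":
    for r in load_raw_export(SAMPLE):
        print(r)
```

Parsing the version into a tuple allows ordered comparisons such as a minimum-build check, which the formatted string `10.0.22000.653` does not support reliably.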