How to filter query results on the command line
You can use a filter to restrict the query results when running application control commands.
Filter conditions are specified using one or more logical expressions, which are combined using the logical operator and. Filter conditions must be enclosed in quotation marks:
"<field> <comparison operator> '<value>'"
"<field> <comparison operator> '<value>' and <field> <comparison operator> '<value>'"
where:
- <field> is the name of the field for the database.
- <comparison operator> is one of the following comparison operators:
  - > is "greater than"
  - < is "less than"
  - like matches the specified value. When specifying a value, you can use % masks: for example, the logical expression "FileName like '%etc%'" sets the limitation "contains the text "etc" in the FileName field"
  - == is "equal to"
  - != is "not equal to"
  - >= is "greater than or equal to"
  - <= is "less than or equal to"
- <value> is the value of the field. The value must be enclosed in single quotation marks ('). You can specify a date value in UNIX time (the number of seconds that have elapsed since 00:00:00 (UTC), January 1, 1970) or in YYYY-MM-DD hh:mm:ss format. The user specifies the date and time in the user's local time zone, and the application displays them in the same time zone.
You can use a filter in the following application management commands:
- Display information about certain current events of the application:
  kfl-control -W --query "<filter conditions>"
- Display information about certain application events in the event log:
  kfl-control -E --query "<filter conditions>"
- Output information about certain objects in Backup:
  kfl-control -B --query "<filter conditions>"
- Delete certain objects from Backup:
  kfl-control -B --mass-remove --query "<filter conditions>"
Examples:
Get information about events that contain the text "etc" in the FileName field:
kfl-control -E --query "FileName like '%etc%'"
Display information about events with the ThreatDetected type:
kfl-control -E --query "EventType == 'ThreatDetected'"
Display information about events with the ThreatDetected type, created by tasks of the ODS type:
kfl-control -E --query "EventType == 'ThreatDetected' and TaskType == 'ODS'"
Get information about the events generated after the date specified as a UNIX timestamp (the number of seconds that have elapsed since 00:00:00 (UTC), 1 January 1970):
kfl-control -E --query "Date > '1583425000'"
Get information about the events generated after the date specified in YYYY-MM-DD hh:mm:ss format:
kfl-control -E --query "Date > '2022-12-22 18:52:45'"
Get information about files in the Backup storage that have the High severity level:
kfl-control -B --query "DangerLevel == 'High'"
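The following is an added example, not part of the product documentation: a POSIX shell helper that builds the filter from separate field, operator and value arguments, accepts only the comparison operators listed above, and lists the objects a Backup filter matches with -B --query before running --mass-remove with the same filter. The function names, the KFL_CONTROL override, the identifier-only rule for field names and the rejection of quote characters in values are assumptions made for this example.

```shell
#!/bin/sh
# kfl_filter FIELD OP VALUE [FIELD OP VALUE ...]
# Prints a filter such as: EventType == 'ThreatDetected' and TaskType == 'ODS'
# Returns 1 and prints nothing if any part is not acceptable.
kfl_filter() {
    [ $# -ge 3 ] && [ $(( $# % 3 )) -eq 0 ] || return 1
    out=""
    while [ $# -gt 0 ]; do
        field=$1 op=$2 value=$3
        shift 3
        # Assumption: field names are plain identifiers (FileName, EventType, ...).
        case $field in
            ''|*[!A-Za-z0-9_]*) return 1 ;;
        esac
        # Only the comparison operators listed on this page.
        case $op in
            '>'|'<'|'=='|'!='|'>='|'<='|like) ;;
            *) return 1 ;;
        esac
        # The value is wrapped in single quotes; the page documents no escape
        # syntax, so a value that contains a quote is rejected (assumption).
        case $value in
            *\'*|*\"*) return 1 ;;
        esac
        out="${out:+$out and }$field $op '$value'"
    done
    printf '%s\n' "$out"
}

# List the Backup objects a filter matches, then delete them only after an
# explicit "y". KFL_CONTROL is a hypothetical override used for dry runs.
kfl_backup_remove() {
    filter=$(kfl_filter "$@") || { echo "invalid filter" >&2; return 1; }
    "${KFL_CONTROL:-kfl-control}" -B --query "$filter" || return 1
    printf 'Delete the objects listed above? [y/N] ' >&2
    read -r answer
    [ "$answer" = y ] || return 1
    "${KFL_CONTROL:-kfl-control}" -B --mass-remove --query "$filter"
}
```

Call it as kfl_backup_remove DangerLevel '==' High, quoting the operator so that the shell does not treat > or < as a redirection.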