Run an SQL Query
Analyst10 min
What it's for
Search and analyze security events with Affinity's SQL editor.
Before you start
- At least one integration with ingested data must exist.
- Access permission to `/logs`.
Steps
- Go to LOGS in the sidebar.
- Click Query Editor.
- Write your SQL query in the tab (default name: `Query 1`).
- (Optional) Set timezone: `UTC` or `UTC-3` selector.
- (Optional) Define time range with the editor date selector.
- Click Run Query.
- To stop a long query: Stop Query (shows Stopping...).
- Switch to Table View to see results in a table.
Expected result
- The table shows rows with result columns.
- Query Execution Statistics section with times and rows scanned.
Common errors
| Symptom | What to do |
|---|---|
| `No Logs To Display` / `Run a query or adjust filters to see results.` | Run a query or expand the time range |
| `No results found` | Adjust filters; **Clear search to see all logs** |
| Slow query | Reduce time range; use columns/partitions in WHERE |
Tips
- Editor tools: Clear Query, Format SQL, SQL Intellisense Help, Show/Hide Execution Statistics, Share Query.
- Visual builder: Query Builder → Query Builder modal → Advanced Queries, Reset, Use Query.