Simplifying AQL queries

Writing valid AQL queries for the command line can be challenging. The basic format for AQL statements in Backus-Naur notation consists of the following parts:

<aql> ::= <version> {<quick_terms>} | {<type> | <filter>}

To simplify generating the AQL queries you want to use on the command line, you can use Audit Analyzer to create a new private query and specify the query criteria in the user interface. After you have created the query, right-click the query node and click Export Query Definition to save the query definition as a file. You can then extract the AQL statement from the query definition, and delete the private query node from Audit Analyzer if it is not needed.

For example, run the command with the definition from the private query:

findsessions -i="MyInstallation" /aql="1 type= shellui, wingui; time is in this week; review = Reviewed"