How to Use nOps Search DSL

Searching for resources in nOps can be a daunting task. There are a lot of resources in an AWS account, that have been captured by nOps. The ability to pinpoint the specific resource or set of resources is important. Using a single search query might not reveal many results. Using the nOps DSL queries makes this much easier and faster. This tutorial shows some principles and how to search with the DSL Queries

Supported comparison operators:
=, != (int, float and dates, strings)
>, >= (int, float and dates)
<, <= (int, float and dates)

Supported bool operators (case-insensitive):
and, &
or, |

Date format:
yyyy-mm-dd
Example: some_date = 2020-05-02

“IN” operator:
field IN [int, “str”, float]
Example: type in [ec2, “aws.s3”, aws_ebs]

Bool logical order with brackets: The same thing as in other languages: use "()" to show the execution order of logical blocks.
Example. (type = ec2 or type = s3) and cost.usagetype.cost > 13.37

Examples:

Find all EC2 instances with VPC equals "vpc-092eb20aa971a6e0b" or "vpc-d5339bb0" and with the total cost less than or equal to $500:
vpc_id in ["vpc-092eb20aa971a6e0b", "vpc-d5339bb0"] and type=ec2 and cumulative_cost &lt;= 500

Find all EC2 instances with the Average CPU Utilization less than 30% for the last 3 months
type=ec2 and utilization.months.months_3.cpu.cpu_usage < 30.00

Find all EBS volumes without Encryption enabled
type=ebs and encrypted=false

Find all EC2 instances launched after some date:
type=ec2 and launch_time>2020-01-01

These are a list of the fields that can be used for query. Subsequently this list will be limited to some pre-defined set of fields only

'Name',

'active',

'active_services_count',

'allocation_id',

'arn',

'association_id',

'attached',

'attached_policies.AttachedPolicies.PolicyArn',

'attached_policies.AttachedPolicies.PolicyName',

'attached_policies.HasAttachedPolicies',

'attr_defs.AttributeName',

'attr_defs.AttributeType',

'availability_zone',

'availability_zones',

'available_ip_address_count',

'backup_retention_period',

'billing',

'billing_type',

'bucket_name',

'canonical_hosted_zone_name',

'canonical_hosted_zone_name_id',

'cf_stack',

'cidr_block',

'cloudtrail.first_event.created_by',

'cloudtrail.first_event.event_id',

'cloudtrail.first_event.event_name',

'cloudtrail.first_event.event_time',

'cloudtrail.meta.type',

'codesize',

'cost.available_operation',

'cost.available_usagetype',

'cost.dates_available',

'cost.meta.account',

'cost.meta.availability_zone',

'cost.meta.region',

'cost.meta.resource',

'cpu',

'cpu*',

'cpu_2592000',

'cpu_3600',

'cpu_600',

'cpu_604800',

'cpu_86400',

'create_date',

'create_time',

'created_time',

'creation_date',

'ct',

'cumulative_cost',

'current_month_cost',

'db_cluster_identifier',

'db_instance_class',

'desc',

'description',

'dhcp_options_id',

'dns_name',

'domain',

'ec2_ids',

'encrypted',

'endpoint.Address',

'endpoint.HostedZoneId',

'endpoint.Port',

'engine',

'first_seen',

'groups.Groups.Arn',

'groups.Groups.CreateDate',

'groups.Groups.GroupId',

'groups.Groups.GroupName',

'groups.Groups.Path',

'groups.HasGroups',

'health_check.access_point',

'health_check.healthy_threshold',

'health_check.interval',

'health_check.target',

'health_check.timeout',

'health_check.unhealthy_threshold',

'id',

'instance_id',

'instance_name',

'instance_state',

'instance_tenancy',

'instance_type',

'instances_sg',

'iops',

'ip_address',

'is_as',

'is_default',

'is_eks',

'is_multi_region',

'item_count',

'item_id',

'key_name',

'last_updated',

'lastmodified',

'launch_time',

'listeners.instance_port',

'listeners.instance_protocol',

'listeners.load_balancer',

'listeners.load_balancer_port',

'listeners.protocol',

'listeners.ssl_certificate_id',

'log_file_validaton_enabled',

'memsize',

'mfa_enabled',

'monitored',

'multi_az',

'name',

'network_interface_id',

'network_interface_owner_id',

'node_type',

'number_of_mount_targets',

'number_of_nodes',

'owner_id',

'password_last_used',

'path',

'performance_mode',

'policies.HasPolicies',

'policies.Policies',

'policies.other_policies',

'policy_document.Statement.Action',

'policy_document.Statement.Condition.StringEquals.sts:ExternalId',

'policy_document.Statement.Effect',

'policy_document.Statement.Principal.AWS',

'policy_document.Statement.Principal.Federated',

'policy_document.Statement.Principal.Service',

'policy_document.Statement.Sid',

'policy_document.Version',

'preferred_backup_window',

'private_dns_name',

'private_ip',

'private_ip_address',

'product',

'project.access_key',

'project.access_type',

'project.account_number',

'project.client',

'project.id',

'project.name',

'project.role_name',

'project.status',

'public_ip',

'publicly_accessible',

'region',

'remediation.action',

'remediation.compliance_type',

'remediation.function',

'remediation.id',

'remediation.integration',

'remediation.message_id',

'remediation.modified',

'remediation.status',

'remediation.user',

'replica_role',

'role_id',

'rules.from_port',

'rules.grants.resource_id',

'rules.grants.resource_name',

'rules.grants.type',

'rules.grants.value',

'rules.ip_protocol',

'rules.to_port',

'runtime',

's3_bucket_access_log_enabled',

'scheme',

'search',

'security_alerts.from_port',

'security_alerts.grant.type',

'security_alerts.grant.value',

'security_alerts.ip_protocol',

'security_alerts.status',

'security_alerts.to_port',

'security_groups',

'size',

'snapshot_id',

'state',

'state_change_time',

'status',

'storage_type',

'subnet_id',

'subnets',

'suggest',

'tab_size_bytes',

'tags.key',

'tags.value',

'tags_key.key',

'tags_key.value',

'throughput_mode',

'type',

'user_id',

'user_name',

'user_name_lowercase',

'utilization.consumed_capacity_percents.read',

'utilization.consumed_capacity_percents.write',

'utilization.cpu.cpu_usage',

'utilization.disk.read_iops',

'utilization.disk.read_ops',

'utilization.disk.total_io',

'utilization.disk.write_iops',

'utilization.disk.write_ops',

'utilization.io_limit.percents',

'utilization.months.months_1.consumed_capacity_percents.read',

'utilization.months.months_1.consumed_capacity_percents.write',

'utilization.months.months_1.cpu.cpu_harmonic_mean',

'utilization.months.months_1.cpu.cpu_usage',

'utilization.months.months_1.cpu.cpu_utilization',

'utilization.months.months_1.cpu.cpu_variance',

'utilization.months.months_1.cpu.utilization_percent',

'utilization.months.months_1.disk.disk_read_harmonic_mean',

'utilization.months.months_1.disk.disk_write_harmonic_mean',

'utilization.months.months_1.disk.read_iops',

'utilization.months.months_1.disk.read_ops',

'utilization.months.months_1.disk.space_utilization',

'utilization.months.months_1.disk.total_io',

'utilization.months.months_1.disk.write_iops',

'utilization.months.months_1.disk.write_ops',

'utilization.months.months_1.io_limit.percents',

'utilization.months.months_1.memory.utilization_percent',

'utilization.months.months_1.network.in',

'utilization.months.months_1.network.network_in_harmonic_mean',

'utilization.months.months_1.network.network_out_harmonic_mean',

'utilization.months.months_1.network.out',

'utilization.months.months_1.ram.freeable_memory',

'utilization.months.months_12.consumed_capacity_percents.read',

'utilization.months.months_12.consumed_capacity_percents.write',

'utilization.months.months_12.cpu.cpu_harmonic_mean',

'utilization.months.months_12.cpu.cpu_usage',

'utilization.months.months_12.cpu.cpu_utilization',

'utilization.months.months_12.cpu.cpu_variance',

'utilization.months.months_12.cpu.utilization_percent',

'utilization.months.months_12.disk.disk_read_harmonic_mean',

'utilization.months.months_12.disk.disk_write_harmonic_mean',

'utilization.months.months_12.disk.read_iops',

'utilization.months.months_12.disk.read_ops',

'utilization.months.months_12.disk.space_utilization',

'utilization.months.months_12.disk.total_io',

'utilization.months.months_12.disk.write_iops',

'utilization.months.months_12.disk.write_ops',

'utilization.months.months_12.io_limit.percents',

'utilization.months.months_12.memory.utilization_percent',

'utilization.months.months_12.network.in',

'utilization.months.months_12.network.network_in_harmonic_mean',

'utilization.months.months_12.network.network_out_harmonic_mean',

'utilization.months.months_12.network.out',

'utilization.months.months_12.ram.freeable_memory',

'utilization.months.months_3.consumed_capacity_percents.read',

'utilization.months.months_3.consumed_capacity_percents.write',

'utilization.months.months_3.cpu.cpu_harmonic_mean',

'utilization.months.months_3.cpu.cpu_usage',

'utilization.months.months_3.cpu.cpu_utilization',

'utilization.months.months_3.cpu.cpu_variance',

'utilization.months.months_3.cpu.utilization_percent',

'utilization.months.months_3.disk.disk_read_harmonic_mean',

'utilization.months.months_3.disk.disk_write_harmonic_mean',

'utilization.months.months_3.disk.read_iops',

'utilization.months.months_3.disk.read_ops',

'utilization.months.months_3.disk.space_utilization',

'utilization.months.months_3.disk.total_io',

'utilization.months.months_3.disk.write_iops',

'utilization.months.months_3.disk.write_ops',

'utilization.months.months_3.io_limit.percents',

'utilization.months.months_3.memory.utilization_percent',

'utilization.months.months_3.network.in',

'utilization.months.months_3.network.network_in_harmonic_mean',

'utilization.months.months_3.network.network_out_harmonic_mean',

'utilization.months.months_3.network.out',

'utilization.months.months_3.ram.freeable_memory',

'utilization.months.months_6.consumed_capacity_percents.read',

'utilization.months.months_6.consumed_capacity_percents.write',

'utilization.months.months_6.cpu.cpu_harmonic_mean',

'utilization.months.months_6.cpu.cpu_usage',

'utilization.months.months_6.cpu.cpu_utilization',

'utilization.months.months_6.cpu.cpu_variance',

'utilization.months.months_6.cpu.utilization_percent',

'utilization.months.months_6.disk.disk_read_harmonic_mean',

'utilization.months.months_6.disk.disk_write_harmonic_mean',

'utilization.months.months_6.disk.read_iops',

'utilization.months.months_6.disk.read_ops',

'utilization.months.months_6.disk.space_utilization',

'utilization.months.months_6.disk.total_io',

'utilization.months.months_6.disk.write_iops',

'utilization.months.months_6.disk.write_ops',

'utilization.months.months_6.io_limit.percents',

'utilization.months.months_6.memory.utilization_percent',

'utilization.months.months_6.network.in',

'utilization.months.months_6.network.network_in_harmonic_mean',

'utilization.months.months_6.network.network_out_harmonic_mean',

'utilization.months.months_6.network.out',

'utilization.months.months_6.ram.freeable_memory',

'utilization.network.in',

'utilization.network.out',

'volume_id',

'vpc_id',

'zone',

'cloudtrail.events.event_id',

'cloudtrail.events.event_name',

'cloudtrail.events.event_operation_type',

'cloudtrail.events.event_source',

'cloudtrail.events.event_time',

'cloudtrail.events.username',

'cost.daily.cost',

'cost.daily.date',

'cost.monthly.cost',

'cost.monthly.date',

'cost.operation.cost',

'cost.operation.date',

'cost.operation.item_type',

'cost.operation_dates_available.dates',

'cost.operation_dates_available.item_type',

'cost.tags.key',

'cost.tags.value',

'cost.usagetype.cost',

'cost.usagetype.date',

'cost.usagetype.item_type',

'cost.usagetype_dates_available.dates',

'cost.usagetype_dates_available.item_type',

'tags_kv.key',

'tags_kv.source',

'tags_kv.value',

'violations.Arn',

'violations.ContinuousBackupsStatus',

'violations.CreateDate',

'violations.PasswordLastUsed',

'violations.Path',

'violations.PointInTimeRecoveryStatus',

'violations.Region',

'violations.TableName',

'violations.UserId',

'violations.UserName',

'violations._id',

'violations.access_key_id',

'violations.access_key_last_used',

'violations.access_key_masked',

'violations.actual_iops',

'violations.admin_access_policies.PolicyArn',

'violations.admin_access_policies.PolicyName',

'violations.arn',

'violations.cluster_name',

'violations.compliant',

'violations.cost',

'violations.cpu_604800',

'violations.cpu_utilization',

'violations.create_date',

'violations.current_30d_cost',

'violations.details.cpu_average',

'violations.details.cpu_min_cores_required',

'violations.details.cpu_variance',

'violations.details.diskreadops_average',

'violations.details.diskwriteops_average',

'violations.details.legacy',

'violations.details.network_required',

'violations.details.networkin_average',

'violations.details.networkout_average',

'violations.details.ram_used',

'violations.disk_utilization',

'violations.errors',

'violations.estimated_saving_month',

'violations.impact',

'violations.inline_policies',

'violations.io_usage_percents',

'violations.iops',

'violations.is_config_channels_present',

'violations.is_config_recorder_running',

'violations.is_config_recorders_present',

'violations.item_id',

'violations.item_type',

'violations.last_used',

'violations.log_events_bandwidth_kbytes',

'violations.logging_enabled',

'violations.max_read_avg',

'violations.max_read_request',

'violations.max_write_avg',

'violations.max_write_request',

'violations.memory_utilization',

'violations.monthly_saving',

'violations.multi_az',

'violations.name',

'violations.network_in',

'violations.network_mbytes',

'violations.network_out',

'violations.new_type',

'violations.node_type',

'violations.not_public_read',

'violations.not_public_write',

'violations.old_type',

'violations.overlaps.region',

'violations.overlaps.vpc_cidr',

'violations.overlaps.vpc_id',

'violations.overlaps.vpc_name',

'violations.overwrite',

'violations.performance_mode',

'violations.period',

'violations.policies.PolicyArn',

'violations.policies.PolicyName',

'violations.ports',

'violations.possible_30d_cost',

'violations.project',

'violations.project_id',

'violations.read_capacity_units',

'violations.read_consumed_percentage',

'violations.read_iops',

'violations.read_iops_utilization',

'violations.read_usage_percents',

'violations.reason',

'violations.recommendations.current_30d_cost',

'violations.recommendations.details.early_delete_days',

'violations.recommendations.details.requests_count',

'violations.recommendations.details.storage_gb',

'violations.recommendations.has_early_delete_fee',

'violations.recommendations.new_type',

'violations.recommendations.possible_30d_cost',

'violations.recommendations.update_monthly_change',

'violations.region',

'violations.requests_count',

'violations.resource_id',

'violations.server_side_encryption_enabled',

'violations.size',

'violations.status',

'violations.subnet_ids',

'violations.tab_size_mbytes',

'violations.table_name',

'violations.table_size_bytes',

'violations.tags.CostUnit',

'violations.tags.Name',

'violations.tags.Owner',

'violations.tags.Purpose',

'violations.tags.User',

'violations.tags.aws:autoscaling:groupName',

'violations.tags.aws:cloudformation:logical-id',

'violations.tags.aws:cloudformation:stack-id',

'violations.tags.aws:cloudformation:stack-name',

'violations.tags.aws:ec2launchtemplate:id',

'violations.tags.aws:ec2launchtemplate:version',

'violations.tags.eks:cluster-name',

'violations.tags.eks:nodegroup-name',

'violations.tags.k8s.io/cluster-autoscaler/enabled',

'violations.tags.k8s.io/cluster-autoscaler/nops-test-eks',

'violations.tags.kubernetes.io/cluster/nops-test-eks',

'violations.tags.nOps',

'violations.tags.owner',

'violations.throughput',

'violations.timestamp',

'violations.total_io',

'violations.type',

'violations.update_monthly_change',

'violations.use_days',

'violations.use_weeks',

'violations.user_id',

'violations.user_name',

'violations.versioning_enabled',

'violations.violation_date',

'violations.violation_subtype',

'violations.violation_type',

'violations.volume_id',

'violations.vpc_cidr',

'violations.vpc_id',

'violations.vpc_name',

'violations.write_capacity_units',

'violations.write_consumed_percentage',

'violations.write_iops',

'violations.write_iops_utilization',

'violations.write_usage_percents',

'violations_dates_available.dates',

'violations_dates_available.first_seen',

'violations_dates_available.violation_subtype',

'violations_dates_available.violation_type',

'violations_history.Arn',

'violations_history.ContinuousBackupsStatus',

'violations_history.CreateDate',

'violations_history.PasswordLastUsed',

'violations_history.Path',

'violations_history.PointInTimeRecoveryStatus',

'violations_history.Region',

'violations_history.TableName',

'violations_history.UserId',

'violations_history.UserName',

'violations_history._id',

'violations_history.access_key_id',

'violations_history.access_key_last_used',

'violations_history.access_key_masked',

'violations_history.admin_access_policies.PolicyArn',

'violations_history.admin_access_policies.PolicyName',

'violations_history.arn',

'violations_history.cluster_name',

'violations_history.compliant',

'violations_history.cost',

'violations_history.cpu_604800',

'violations_history.cpu_utilization',

'violations_history.create_date',

'violations_history.current_30d_cost',

'violations_history.details.cpu_average',

'violations_history.details.cpu_min_cores_required',

'violations_history.details.cpu_variance',

'violations_history.details.diskreadops_average',

'violations_history.details.diskwriteops_average',

'violations_history.details.early_delete_days',

'violations_history.details.legacy',

'violations_history.details.network_required',

'violations_history.details.networkin_average',

'violations_history.details.networkout_average',

'violations_history.details.ram_used',

'violations_history.details.requests_count',

'violations_history.details.storage_gb',

'violations_history.details.warning_message',

'violations_history.disk_utilization',

'violations_history.errors',

'violations_history.has_early_delete_fee',

'violations_history.id',

'violations_history.impact',

'violations_history.inline_policies',

'violations_history.io_usage_percents',

'violations_history.item_id',

'violations_history.item_type',

'violations_history.last_used',

'violations_history.log_events_bandwidth_kbytes',

'violations_history.logging_enabled',

'violations_history.max_read_avg',

'violations_history.max_read_request',

'violations_history.max_write_avg',

'violations_history.max_write_request',

'violations_history.memory_utilization',

'violations_history.monthly_saving',

'violations_history.multi_az',

'violations_history.name',

'violations_history.network_in',

'violations_history.network_mbytes',

'violations_history.network_out',

'violations_history.new_type',

'violations_history.node_type',

'violations_history.not_public_read',

'violations_history.not_public_write',

'violations_history.old_type',

'violations_history.overlaps.region',

'violations_history.overlaps.vpc_cidr',

'violations_history.overlaps.vpc_id',

'violations_history.overlaps.vpc_name',

'violations_history.overwrite',

'violations_history.performance_mode',

'violations_history.period',

'violations_history.policies.PolicyArn',

'violations_history.policies.PolicyName',

'violations_history.ports',

'violations_history.possible_30d_cost',

'violations_history.project',

'violations_history.read_capacity_units',

'violations_history.read_consumed_percentage',

'violations_history.read_iops',

'violations_history.read_iops_utilization',

'violations_history.read_usage_percents',

'violations_history.reason',

'violations_history.recommendations.current_30d_cost',

'violations_history.recommendations.details.early_delete_days',

'violations_history.recommendations.details.requests_count',

'violations_history.recommendations.details.storage_gb',

'violations_history.recommendations.has_early_delete_fee',

'violations_history.recommendations.new_type',

'violations_history.recommendations.possible_30d_cost',

'violations_history.recommendations.update_monthly_change',

'violations_history.region',

'violations_history.requests_count',

'violations_history.server_side_encryption_enabled',

'violations_history.status',

'violations_history.subnet_ids',

'violations_history.tab_size_mbytes',

'violations_history.table_name',

'violations_history.table_size_bytes',

'violations_history.tags.ChangeVersion1',

'violations_history.tags.CostUnit',

'violations_history.tags.JT',

'violations_history.tags.Name',

'violations_history.tags.Owner',

'violations_history.tags.Purpose',

'violations_history.tags.User',

'violations_history.tags.aws:autoscaling:groupName',

'violations_history.tags.aws:cloudformation:logical-id',

'violations_history.tags.aws:cloudformation:stack-id',

'violations_history.tags.aws:cloudformation:stack-name',

'violations_history.tags.aws:ec2launchtemplate:id',

'violations_history.tags.aws:ec2launchtemplate:version',

'violations_history.tags.aws:ec2spot:fleet-request-id',

'violations_history.tags.eks:cluster-name',

'violations_history.tags.eks:nodegroup-name',

'violations_history.tags.k8s.io/cluster-autoscaler/enabled',

'violations_history.tags.k8s.io/cluster-autoscaler/nops-test-eks',

'violations_history.tags.kubernetes.io/cluster/nops-test-eks',

'violations_history.tags.nOps',

'violations_history.tags.ownder',

'violations_history.tags.owner',

'violations_history.timestamp',

'violations_history.total_io',

'violations_history.type',

'violations_history.update_monthly_change',

'violations_history.user_id',

'violations_history.user_name',

'violations_history.versioning_enabled',

'violations_history.violation',

'violations_history.violation_date',

'violations_history.violation_subtype',

'violations_history.violation_type',

'violations_history.volume_id',

'violations_history.vpc_cidr',

'violations_history.vpc_id',

'violations_history.vpc_name',

'violations_history.write_capacity_units',

'violations_history.write_consumed_percentage',

'violations_history.write_iops',

'violations_history.write_iops_utilization',

'violations_history.write_usage_percents'

Did this answer your question?