LogoLogo
Login to CortexBook a DemoCortex Academycortex.ioCortex Status
  • Cortex Docs
  • Cortex Quick Start
  • Ingesting data into Cortex
    • Managing Entities
      • Adding entities
        • Add services
        • Add domains
        • Add teams
        • Add custom entity types
        • Defining dependencies
      • Entity details page
      • Defining ownership
      • Defining relationship types
      • Grouping entities
      • Adding external documentation
      • Adding Deploy data
      • Adding custom data
      • Viewing discovered entities
      • Archiving entities
      • Relationship graph
      • Using On-call Assistant for incidents
      • Managing Terraform infra in Cortex
    • Managing Catalogs
    • Integrations
      • Internally hosted integrations
      • ArgoCD
      • AWS
      • Azure DevOps
      • Azure Resources
      • BambooHR
      • Bitbucket
      • BugSnag
      • Buildkite
      • Checkmarx
      • CircleCI
      • ClickUp
      • Codecov
      • Coralogix
      • Custom webhook integrations
      • Datadog
      • Dynatrace
      • Entra ID (Azure AD)
      • FireHydrant
      • GitHub
      • GitLab
      • Google
      • Grafana
      • incident.io
      • Instana
      • Jenkins
      • Jira
      • Kubernetes
      • LaunchDarkly
      • Lightstep
      • Mend
      • Microsoft Teams
      • New Relic
      • Okta
      • Opsgenie
      • PagerDuty
      • Prometheus
      • Rollbar
      • Rootly
      • Sentry
      • Semgrep
      • ServiceNow
      • Slack
      • Snyk
      • SonarQube
      • Splunk Observability Cloud (SignalFx)
      • Splunk On-Call (VictorOps)
      • Sumo Logic
      • Veracode
      • Wiz
      • Workday
      • xMatters
  • Scorecards
    • Initiatives and Action items
      • Creating issues based on Initiatives
    • Scorecard rule exemptions
    • Scorecard rule filters
    • Scorecard examples
    • Scorecards as code
  • Reports
    • Executive report
    • All Scorecards report
    • Bird's eye report
    • Progress report
    • Report card
  • Eng Intelligence
    • Custom Metrics
    • Jira Metrics
    • Metrics Explorer (Beta)
    • Velocity Dashboard (Beta)
  • Cortex Query Language (CQL)
    • Running and saving CQL queries
    • Using CQL reports
    • Using JQ in Cortex
  • Workflows
    • Creating a Workflow
      • Workflows as code
    • Blocks
    • Running a Workflow
    • Registering a Scaffolder template
      • Scaffolder advanced usage
    • Using a Workflow to sync in ArgoCD
    • Kicking off a Jenkins pipeline in a Workflow
    • Calling internal service endpoints in a Workflow
  • Plugins
    • Creating a plugin
      • Creating a plugin proxy
    • Migrating Backstage plugins to Cortex
  • Engineering homepage
  • Workspace Settings
    • Using GitOps for Cortex
      • GitOps logs
    • Managing users
      • Roles and permissions
        • Custom roles
        • Team ownership entity editing
      • Configuring SSO
        • Microsoft Entra ID
        • Google
        • Other OIDC providers
        • Okta
          • Okta SCIM
      • Configuring identity mappings
      • Onboarding management
    • API keys, secrets, and tokens
      • Secrets
      • Personal tokens
    • Audit logs
    • Entity settings
      • Data verification
      • Auto archiving entities
    • IP allowlist
    • Notifications
      • Notification logs
    • Customizing your workspace
    • Using search in Cortex
  • Cortex API
    • REST API operations
      • API Keys
      • Audit Logs
      • Catalog Entities
      • Custom Data
        • Custom Data (Advanced)
      • Custom Events
      • Custom Metrics
      • Dependencies
      • Deploys
      • Discovery Audit
      • Docs
      • Eng Intel: User Labels
      • Entity Relationship Types (Beta)
      • Entity Relationships (Beta)
      • Entity Types
      • GitOps Logs
      • Groups
      • Initiatives
      • Integrations APIs
        • Azure Active Directory (Entra ID) API
        • Azure Resources API
        • AWS API
        • Azure DevOps API
        • CircleCI API
        • Coralogix API
        • Datadog API
        • GitHub API
        • GitLab API
        • incident.io API
        • LaunchDarkly API
        • New Relic API
        • PagerDuty API
        • Prometheus API
        • SonarQube API
      • IP Allowlist
      • Notification Logs
      • On call
      • Packages
      • Plugins
      • Queries
      • SCIM
      • Scorecards
      • Secrets
      • Team Hierarchies
      • Teams
      • Workflows
Powered by GitBook
On this page
  • CQL basics
  • CQL format and data sources
  • Combining CQL expressions
  • Captures
  • CQL tools
  • The Query builder tool
  • CQL explorer
  • CQL reports
  • Running and saving CQL queries

Was this helpful?

Export as PDF

Cortex Query Language (CQL)

Last updated 17 days ago

Was this helpful?

Cortex Query Language (CQL) is a proprietary domain-specific language (DSL) you can use to query details in-depth about your Cortex entities. CQL is at the core of many Cortex features, from defining how evaluate health and readiness to deciding which entities a should appear on.

With CQL, you can:

  • Query your data immediately (including from third-party integrations or ), without having to move it, transform it, or wait for batch jobs

    • Cortex does not require you to configure custom processes for each new standard you want to track

  • Use basic arithmetic and utility functions to get the data you need

  • Customize rules to query information needed to assess your processes quickly

    • For example, you can .

  • Create reusable to view any query result, such as the number of incidents your services had in the last week

CQL allows you to ask multi-source questions, such as, "Who's on call for services in our payment product?" or "Which services are still on the old secrets manager?"

It also provides a consistent way to write rules, regardless of the data source. For example, you can use git.fileExists() to search across all of your Git repositories without needing to specify the Git provider.

CQL basics

See additional CQL instructions and examples in the in your workspace.

CQL format and data sources

CQL queries use the format data source function quantifier, with the function and quantifier options differing depending on the data source and type.

The data sources for CQL are:

  • Entity metadata: Core entity details

    • Example query: dependencies.in().length

  • Integrations: Data from

    • Example query: jira.numOfIssues()

  • Custom data: Data attached to the entity, or defined in the

    • Example query: custom("cloud-cost") .cost.compute.actual

Combining CQL expressions

You can combine CQL expressions in multiple ways:

  • Use AND to require multiple conditions to be true

    • Example: entity.type() == "container" AND entity.tag() == "production"

  • Use OR to allow for multiple possibilities

    • Example: entity.type() == "container" OR entity.type() == "function"

  • Combine AND and OR with parentheses

    • Example: (entity.type() == "container" OR entity.type() == "function") AND entity.tag() == "production"

  • Use ! to negate a condition

    • Example: !entity.tag() == "production"

Captures

You can include entity or CQL evaluation data in a rule's description and failure message using captures. This will enable you to create a Scorecard rule description or failure message that reflects the rule’s score and affected entity descriptor information (including dependencies and custom data if set in the YAML). Captures allow you to update your rule expressions to “capture” certain pieces of an expression into variables.

Learn more about captures

CQL tools

The Query builder tool

The Query builder allows you to leverage all of CQL's power to investigate information about your entities without building an entire Scorecard.

To see the Query builder, click Tools > Query builder in the main nav.

Using custom data in CQL queries

With the Query builder, you can query against any of this custom data. Anything that can be evaluated with a Scorecard will display in the Query builder, which allows you to essentially use Cortex as a database. Because Cortex is able to pull data from many data sources, the Query builder can even provide more insight than GitHub search.

CQL explorer

You can access it via Query builder or as a standalone page:

  • On the Query builder page: On the right side of the Query builder, click the CQL explorer tab to view CQL instructions and examples for specific data types, entity metadata, custom data, and more.

  • As a standalone page:

    1. Click the flag icon on the right side of your Cortex workspace.

    2. In the Help & Docs side panel, click CQL explorer.

CQL reports

Running and saving CQL queries

See additional instructions on using captures in .

Read about a capture use case in .

The functionality of the Query builder depends on your . Users who have the ability to edit Scorecards can run queries that talk to third-party integrations. Users without those permissions can run queries on custom data and anything else that exists within Cortex. Users classified as viewers are not able to run queries.

You can add to any entity, and you can access custom data from any . For example, if you run a security scanning tool that isn't in the list of existing integrations, you may run a vulnerability scan as part of your CI process and then send that data to Cortex.

contains instructions and examples for specific data types, entity metadata, custom data, and more.

CQL reports allow you to query all of the raw data in Cortex and build a custom report on the data. Learn more in .

To learn about running queries and saving queries, see .

Cortex's CQL explorer
permissions
custom data
entity's details page
CQL explorer
Using CQL reports
Running and saving CQL queries
Scorecards
plugin
custom data
Scorecard
CQL reports
CQL explorer
third-party sources
sent via API
Scorecard examples: Using CQL captures to display the cause of rule failures
use CQL captures to display the cause of rule failures in a Scorecard
Click Tools > Query builder from the main nav.
CQL explorer is on the right side of the Query builder.
Click the purple flag icon on the right side of your workspace.
Click the CQL explorer link in the "Help and docs" sidebar.
entity YAML