This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Unlock your full community experience!
- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Failed to execute RQL search. Illegal argument
- LIVEcommunity
- Discussions
- Cloud Native Application Protection
- Prisma Cloud Discussions
- Failed to execute RQL search. Illegal argument
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Failed to execute RQL search. Illegal argument
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-20-2025 11:35 AM
When I am trying to run this query in Prisma cloud , It through me message "Failed to execute RQL search. Illegal argument"
RQL
config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-route-tables' as Y; config from cloud.resource where api.name = 'aws-ec2-describe-instances' as Z; filter "$.Y.vpcId contains $.X.vpcId
and $.Z.subnetId contains $.Y.associations[*].subnetId
and $.Y.routes[?(@.destinationCidrBlock=='0.0.0.0/0')].gatewayId contains igw
and ($.X.ipPermissions[?(@.toPort > 445 || @.fromPort < 445)].ipRanges[*] contains 0.0.0.0/0
or $.X.ipPermissions[?(@.toPort > 445 || @.fromPort < 445)].ipv6Ranges[*].cidrIpv6 contains ::/0) "; show X;
Please help me in fixing this issue
1 REPLY 1
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-24-2025 01:06 PM
Hi KaushalRai
It looks like you had some spacing issues with your last clause. sometimes you can include spaces, but in other cases, you cannot.
The last part of your original statement was:
and ($.X.ipPermissions[?(@.toPort > 445 || @.fromPort < 445)].ipRanges[*] contains 0.0.0.0/0 or $.X.ipPermissions[?(@.toPort > 445 || @.fromPort < 445)].ipv6Ranges[*].cidrIpv6 contains ::/0) "; show X;
This is what I was able to get to work:
and ($.X.ipPermissions[?(@.toPort>445||@.fromPort>445)].ipRanges[*] contains 0.0.0.0/0 or $.X.ipPermissions[?(@.toPort>445||@.fromPort>445)].ipv6Ranges[*].cidrIpv6 contains ::/0)" ; show X;
Here is the final modification of your query:
config from cloud.resource where api.name = 'aws-ec2-describe-security-groups' as X; config from cloud.resource where api.name = 'aws-ec2-describe-route-tables' as Y; config from cloud.resource where api.name = 'aws-ec2-describe-instances' as Z; filter "$.Y.vpcId contains $.X.vpcId and $.Z.subnetId contains $.Y.associations[*].subnetId and $.Y.routes[?(@.destinationCidrBlock=='0.0.0.0/0')].gatewayId contains igw and ($.X.ipPermissions[?(@.toPort>445||@.fromPort>445)].ipRanges[*] contains 0.0.0.0/0 or $.X.ipPermissions[?(@.toPort>445||@.fromPort>445)].ipv6Ranges[*].cidrIpv6 contains ::/0)" ; show X;
Hope this helps!
🙂
- 122 Views
- 1 replies
- 0 Likes
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
Recommendations
LEGAL NOTICES
Copyright 2007 - 2025 - Palo Alto Networks