Query Analyzer
The Query Analyzer is your primary interface for exploring and analyzing data across all connected sources in Fusion. It provides a powerful SQL interface to query data from any connected schema, supporting PostgreSQL-compatible syntax with additional extensions for advanced analytics.
How to Access
Navigate to Fusion → Query Analyzer or use the quick-access query button from any dashboard.
Interface Overview
Query Editor
The main editor supports:
- SQL syntax highlighting
- Auto-completion for tables and columns
- Query history
- Saved queries
Results Panel
Query results are displayed with:
- Sortable columns
- Pagination
- Export options (CSV, JSON)
- Row selection for case creation
Schema Browser
The left sidebar shows:
- Available schemas
- Tables within each schema
- Column definitions
- Quick insert shortcuts
Writing Queries
Basic Queries
-- Select all columns
SELECT * FROM schema_name.table_name LIMIT 100
-- Select specific columns with filtering
SELECT timestamp, event_type, user_id
FROM aws_cloudtrail.events
WHERE timestamp > NOW() - INTERVAL '24 hours'
ORDER BY timestamp DESC
Aggregations
-- Count events by type
SELECT event_type, COUNT(*) as count
FROM aws_cloudtrail.events
WHERE timestamp > NOW() - INTERVAL '7 days'
GROUP BY event_type
ORDER BY count DESC
-- Time-based aggregation
SELECT
DATE_TRUNC('hour', timestamp) as hour,
COUNT(*) as events
FROM security_logs.events
GROUP BY DATE_TRUNC('hour', timestamp)
ORDER BY hour
Joins
-- Join across data sources
SELECT
a.event_name,
a.timestamp,
b.user_email
FROM aws_cloudtrail.events a
JOIN azure_ad.users b ON a.user_id = b.user_id
WHERE a.timestamp > NOW() - INTERVAL '1 day'
Built-in Functions
-- Vector similarity search
SELECT *, similarity(description, 'brute force attack') as relevance
FROM alerts
ORDER BY relevance DESC
LIMIT 10
-- JSON extraction
SELECT
json_extract(payload, '$.source.ip') as source_ip,
json_extract(payload, '$.destination.port') as dest_port
FROM network_logs.flows
Query Features
Recent Queries
Access your query history to:
- Re-run previous queries
- Modify and iterate
- Track query patterns
Saved Queries
Save frequently used queries:
- Run your query
- Click Save Query
- Provide a name and optional description
- Access from the Saved Queries panel
Saved queries can be:
- Referenced in other queries:
SELECT * FROM queries."query-id" - Used as data sources for panes
- Shared with team members
Export Options
Export results in multiple formats:
- CSV — Spreadsheet compatible
- JSON — Structured data
- Copy — Clipboard for quick sharing
Adding Data to Cases
Query results can be added to cases for investigation:
- Run your query
- Select relevant rows
- Click Add to Case
- Choose an existing case or create new
- Selected data becomes part of the case evidence
Performance Tips
- Use LIMIT — Always limit results during exploration
- Filter early — Add WHERE clauses to reduce data scanned
- Select specific columns — Avoid
SELECT *for large tables - Use time filters — Most tables are time-partitioned
- Leverage pushdown — Filters are pushed to source systems when possible
Keyboard Shortcuts
| Shortcut | Action |
|---|---|
Ctrl/Cmd + Enter | Execute query |
Ctrl/Cmd + S | Save query |
Ctrl/Cmd + / | Toggle comment |
Ctrl/Cmd + Space | Trigger autocomplete |
tip
Use EXPLAIN before complex queries to understand the execution plan and optimize performance.