Agent properties and selectors

This page lists the properties and selectors available for querying and finding NXLog Agent instances within NXLog Platform. You can build search expressions by combining the supported operators and one or more agent properties to find matching NXLog Agent instances. For example, when viewing agents, setting up auto-enrollment rules, and assigning configuration templates.

Agent properties

Each NXLog Agent instance has several properties containing information about the agent’s operating environment. To those, NXLog Platform adds agent-management properties.

Table 1. Properties associated with a connected NXLog Agent instance
Property name	Description
address	Host IP address and port number used by the agent to connect to NXLog Platform or null when the agent is offline. Example: `10.10.22.21:55076`.
agent_label	The agent label specified during the NXLog Agent installation.
arch	CPU architecture of the agent’s host. Possible values: `x86_64`, `arm`.
config	The content of the `managed.conf` file: either the actual content or the expected content when it has been changed from NXLog Platform but not yet updated on the agent. Example: `config REGEX "(?s:.)AllowUntrusted(\s)(?i)true(?-i)(?s:.)*"`
configured	Configuration status: `true` if the agent has at least one input or output module configured, `false` otherwise.
cpu-load	Average CPU load of the agent process since the start of the process.
cpu-usage-time	CPU usage time of the agent process measured in milliseconds since the start of the process.
enrolled	Enrollment status of the agent: `true` if the enrollment process completed successfully, and `false` otherwise. To prevent unintended configuration changes when using the `enroll-by-rules` API endpoint, NXLog Platform automatically adds the property `enrolled = false` to all auto-enroll rules created using the UI.
`host`	Same as `hostname`.
`hostname`	The hostname of the machine that runs NXLog Agent, as reported by NXLog Agent.
`id`	The UUID of the agent in UUID Version 1 format. The agent typically reports its ID, but NXLog Platform can generate or overwrite it, for example, to avoid duplication when you create a second agent instance by cloning a VM.
`manager-address`	The NXLog Platform IP address and port number to which the agent is connected or null when the agent is offline. Example: `10.10.22.254:5515`
`memory-used`	Amount of RAM used by the agent in bytes.
`name`	Same as `hostname`.
`online`	Connection status of the agent: `true` if the connection between NXLog Platform and the agent is established, `false` otherwise.
`os`	Type of operating system running on the agent’s host. Possible values: `Android`, `Linux`, `Windows`, `AIX`, `FreeBSD` (for FreeBSD, NetBSD), `OpenBSD`, `BSD`, `HP-UX`, `Irix`, `macOS`, `Solaris`, `Unix`, `Unknown`.
`os-release`	Operating system type and version. Example: `Fedora Linux 39 (Workstation Edition)`
`status`	The agent’s management status: `ok`, `warning` (or `warn`), `error` (or `err`). The `errors` property contains a list of the detailed error types and messages.
`template-id`	UUID of the template assigned to the agent or `null` when a template is not assigned.
`template-name`	Name of the template assigned to the agent or `null` when a template is not assigned.
`version`	Version of NXLog Agent. Example: `6.2.9212`.

Agent selector operators

You can use the following operators to write selectors for querying and finding agents.

Comparison operators

Comparison operators are binary operators that take the following form:

{expression 1} {operator} {expression 2}

Table 2. Comparison operators
Operator	Alternative spellings	Description
`=`	`==`, `EQ`, `eq`	Tests if the property value is equal to the provided value.
`!=`	`NE`, `ne`	Tests if the property value is not equal to the provided value.
`<=`	`LE`, `le`	Tests if the property value is less than or equal to the provided value.
`<`	`LT`, `lt`	Tests if the property value is less than the provided value.
`>=`	`GE`, `ge`	Tests if the property value is greater than or equal to the provided value.
`>`	`GT`, `gt`	Tests if the property value is greater than the provided value.
`LIKE`	`like`	Tests if the property value matches a wildcard expression.
`REGEX`	`regex`	Tests if the property value matches a Rust-style regular expression.

Logical operators

Logical operators can be unary or binary.

Table 3. Logical operators
Operator	Alternative spellings	Description
`NOT`		Inverts (negates) the operators or expressions. Examples: `NOT property = value` which is equal to `property != value` or `NOT (property = value)` `property NOT LIKE value`
`AND`	`&&`, `&`	Pairs of sub-expressions connected using this operator must both evaluate to true for the full expression to be true.
`OR`	`\|\|`, `\|`	At least one of the sub-expressions connected using this operator must evaluate to true for the full expression to be true.
`IN`		The expression is true if the property is equal to one of a list of values. Example: `hostname IN rhel01, rhel02, rhel03` or `hostname IN (rhel01, rhel02, rhel03)`
`IS`		Checks the property for existence or presence of value: `EMPTY` If the property is empty. `NONE` True if the property doesn’t exist. You can use existence checks only for optional properties. `NULL` Alternative spelling for `NONE`. `SOME` True if the property exists. You can use existence checks only for optional properties. Examples: `enroll-time IS NONE` `enroll-time IS SOME`
`HAS`		True if the property exists. Example: `HAS enroll-time`. Equivalent to `enroll-time IS SOME` or `NOT (enroll-time is NONE)`

Agent properties and selectors