is everywhere.
(And we plug into Splunk.)


Resources