Query wireless data using Live Discover
You can query wireless device data from AP6 access points using Live Discover in the Threat Analysis Center. Live Discover lets you use SQL queries to get more granular data than the data on the Wireless - Devices page. For example, you can query the connection history of wireless devices connected to your access points.
To use Live Discover for AP6 access points, go to Threat Analysis Center > Live Discover and click WiFi. Live Discover has some built-in Data Lake queries for AP6 access points. You can use these queries, edit them, or create new ones. To edit these queries or create new ones, turn on Designer Mode.
Note
If you're creating a new query for AP6 access points, select Data Lake as the Source.
For information about how to use Live Discover, see Live Discover.
Data Lake schema
To see the available tables and data, open the Data Lake schema in the schema viewer.
To open the schema viewer, do as follows:
- Go to Threat Analysis Center > Live Discover and click WiFi.
- Make sure Designer Mode is turned on.
-
In the Query section, you can do as follows:
- To edit a query, select the query you want to edit and click Edit.
- To create a query, click Create new query.
-
In the upper-right corner of the SQL dialog, click Schema.
The schema viewer opens in a new tab.
-
For AP6 access points, select NSG WiFi from the Data Lake drop-down list.
-
Select nsg_wifi_data.
WiFi field names
The following table describes the Wi-Fi field names in the Data Lake:
| Name | Description |
|---|---|
| message_identifier | Unique identifier created by the ingestion pipeline |
| ingest_date | Date when the data was ingested |
| ingestion_timestamp | The epoch second when the data was ingested |
| schema_version | The Data Lake schema version |
| record_size | The size of the data |
| customer_id | The Customer ID |
| type_of_data | The data sent in the stream, such as client and log data |
| is_full_set | Whether the data sent is a full set or incremental |
| timestamp | The timestamp at which the event was generated |
| device_id | The unique ID of the access point |
| device_name | The hostname of the access point |
| device_model | The model of the access point |
| device_firmware | The firmware of the access point |
| device_serial_id | The serial number of the access point |
| client_mac | The MAC address of the wireless device |
| client_ip | IP address of the wireless device |
| client_hostname | Hostname of the wireless device |
| client_event_timestamp | The timestamp when the wireless device connected |
| client_conn_status | The wireless device's connection status |
| log_id | The log ID |
| log_subtype | The log subtype |
| log_component | The log component |
| log_message | The log message |
| log_severity | The log severity |
| device_sdk | Wi-Fi device SDK version |
| device_site | The site where the access point is located |
| wireless_network_name | The name of the wireless network |
| wireless_band | The wireless band the device is connected to |
| wireless_rssi | The wireless signal strength measured at the device |
| client_bandwidth | The wireless device's bandwidth |
| client_user_name | The username associated with the wireless device |
| client_first_seen | The timestamp when the wireless device first connected to the access point |

