Query wireless data using Live Discover

You can query wireless device data from AP6 access points using Live Discover in the Threat Analysis Center. Live Discover lets you use SQL queries to get more granular data than the data on the Wireless - Devices page. For example, you can query the connection history of wireless devices connected to your access points.

To use Live Discover for AP6 access points, go to Threat Analysis Center > Live Discover and click WiFi. Live Discover has some built-in Data Lake queries for AP6 access points. You can use these queries, edit them, or create new ones. To edit these queries or create new ones, turn on Designer Mode.

Note

If you're creating a new query for AP6 access points, select Data Lake as the Source.

For information about how to use Live Discover, see Live Discover.

Data Lake schema

To see the available tables and data, open the Data Lake schema in the schema viewer.

To open the schema viewer, do as follows:

  1. Go to Threat Analysis Center > Live Discover and click WiFi.
  2. Make sure Designer Mode is turned on.
  3. In the Query section, do one of the following:

    • To edit a query, select the query you want to edit and click Edit.
    • To create a query, click Create new query.
  4. In the upper-right corner of the SQL dialog, click Schema.

    The schema viewer opens in a new tab.

  5. For AP6 access points, select NSG WiFi from the Data Lake drop-down list.

  6. Select nsg_wifi_data.

WiFi field names

The following table describes the Wi-Fi field names in the Data Lake:

| Name | Description |
|---|---|
| message_identifier | Unique identifier created by the ingestion pipeline |
| ingest_date | Date when the data was ingested |
| ingestion_timestamp | The epoch second when the data was ingested |
| schema_version | The Data Lake schema version |
| record_size | The size of the data |
| customer_id | The Customer ID |
| type_of_data | The data sent in the stream, such as client and log data |
| is_full_set | Whether the data sent is a full set or incremental |
| timestamp | The timestamp at which the event was generated |
| device_id | The unique ID of the access point |
| device_name | The hostname of the access point |
| device_model | The model of the access point |
| device_firmware | The firmware of the access point |
| device_serial_id | The serial number of the access point |
| client_mac | The MAC address of the wireless device |
| client_ip | IP address of the wireless device |
| client_hostname | Hostname of the wireless device |
| client_event_timestamp | The timestamp when the wireless device connected |
| client_conn_status | The wireless device's connection status |
| log_id | The log ID |
| log_subtype | The log subtype |
| log_component | The log component |
| log_message | The log message |
| log_severity | The log severity |
| device_sdk | Wi-Fi device SDK version |
| device_site | The site where the access point is located |
| wireless_network_name | The name of the wireless network |
| wireless_band | The wireless band the device is connected to |
| wireless_rssi | The wireless signal strength measured at the device |
| client_bandwidth | The wireless device's bandwidth |
| client_user_name | The username associated with the wireless device |
| client_first_seen | The timestamp when the wireless device first connected to the access point |
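
The following query is an added example, not one of the built-in Live Discover queries. It uses the field names above to summarize connection history per wireless device and lists devices seen with more than one username or at more than one site, which are worth a closer look. It assumes that nsg_wifi_data can be queried under that name, that client_mac is stored as text, and that records without a client_mac are log-only records.

```sql
-- Added example: per-device connection summary for AP6 access points.
-- Assumptions: the table is queryable as nsg_wifi_data, client_mac is a
-- text column, and rows with no client_mac carry log data only.
SELECT
    client_mac,
    MAX(client_hostname)                  AS sample_hostname,
    COUNT(DISTINCT device_serial_id)      AS access_points_used,
    COUNT(DISTINCT device_site)           AS sites_seen,
    COUNT(DISTINCT wireless_network_name) AS networks_used,
    COUNT(DISTINCT client_user_name)      AS usernames_seen,
    MIN(client_event_timestamp)           AS earliest_connection,
    MAX(client_event_timestamp)           AS latest_connection,
    COUNT(*)                              AS records
FROM nsg_wifi_data
WHERE client_mac IS NOT NULL
  AND client_mac <> ''
GROUP BY client_mac
-- Keep only devices tied to several usernames or seen at several sites.
HAVING COUNT(DISTINCT client_user_name) > 1
    OR COUNT(DISTINCT device_site) > 1
ORDER BY usernames_seen DESC, sites_seen DESC
LIMIT 100
```

To see every device rather than only the outliers, remove the HAVING clause.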