If you need help constructing a VQL query, navigate to the Resource Reports page and click New Resource Report. From the top left, open the Filters menu. Create a filter and click the View as VQL button at the top of the Filters menu to see a filter’s VQL representation. You can copy this syntax to use within your API calls.

Resource Reports VQL Schema

VQL for Resources Reports comprises two namespaces: resources and tags, which represent the available filters on Resource Reports in the Vantage console. To reference a filter, use the following syntax: namespace.field (e.g., resources.region or tags.name). The following fields are available within these namespaces.
NamespaceFieldVQL Example
resourcesproviderProviders example
resourcesregionRegion example
resourcesaccount_idAccount example
resourcesprovider_account_idBilling Account example
resourcestypeResource Type example
resourceslabelLabel example
resourcesuuidUUID (AWS ARN) example
resourcesmetadataMetadata example
tagsnameTags name/value example
tagsvalueUntagged example
Availability of the fields listed above varies among different cloud providers. See the Resource Reports documentation for a full list of filter fields available per provider.

Keywords

VQL includes a set of keywords to create complex filter conditions. These keywords function similar to their SQL equivalents.
KeywordDescriptionVQL SampleExplanation
ANDLogical AND operatorresources.provider = 'aws' AND resources.label = '123456'This example filters AWS resources, with a specific associated label, where both conditions must be true.
ORLogical OR operator(resources.provider = 'aws') OR (resources.provider = 'gcp')This example retrieves resources from either AWS or GCP. At least one condition must be true.
LIKE and NOT LIKEPerforms string comparisonsresources.provider = 'aws' AND resources.uuid LIKE '%arn:aws:s3:::my-bucket%''This example selects data where the resource ARN contains arn:aws:s3:::my-bucket, such as arn:aws:s3:::my-bucket-123.

This same query also works for NOT LIKE where data does not contain a particular string: resources.provider = 'aws' AND resources.uuid NOT LIKE '%arn:aws:s3:::my-bucket%'.
IN/NOT INUsed to compare against an array list(resources.provider = 'aws' AND (resources.region IN ('ap-northeast-1','ap-northeast-3')))This example filters based on a list of regions, returning data for the specified regions

You can also use NOT IN to find results that are anything but the items within the list: (resources.provider = 'aws' AND (resources.region NOT IN ('ap-northeast-1','ap-northeast-3')))
!=Represents negation, “is not”resources.provider = 'azure' AND (resources.type != 'azurerm_public_ip' AND resources.type != 'azurerm_kubernetes_cluster')This example filters out data from two specified resource types, providing all Azure resources that are not these types.
<, >, <=, >=Mathematical operators for numerical queriesresources.provider = 'azure' AND (resources.type = 'azurerm_virtual_machine' AND resources.metadata->>'virtual_machine_size' > '7')This example looks for Virtual Machines that have a size greater than 7.
->>This operator is used only when constructing queries related to metadataresources.provider = 'aws' AND (resources.type = 'aws_instance' AND resources.metadata->>'architecture' = 'x86_64')This example looks for EC2 instances with an architecture of x86_64.
With these operators and keywords, you can construct complex filter conditions in VQL.

VQL Examples

The following examples cover common use cases for VQL.

Combining Providers

Filter for provider resources associated with either AWS or GCP. 
(resources.provider = 'aws') OR (resources.provider = 'gcp')

Costs from a List of Regions

Filter for AWS costs in two regions. Note that you will need to use the region code, such as us-east-1. 
resources.provider = 'aws' AND (resources.region = 'us-east-1' OR resources.region = 'us-west-1')

Costs by Account ID

Costs for a specific set of resource types and account ID. 
resources.provider = 'gcp' AND (resources.account_id = 'user-proj-1234') AND (resources.type = 'google_compute_disk' OR resources.type = 'google_compute_instance')

Costs by Billing Account

Costs for a specific billing account. 
resources.provider = 'aws' AND (resources.provider_account_id = '11111111111')

Costs by Resource Type

Filter costs to see a specific resource type. In the example below, the query is looking for any AWS resource that is not an AWS CloudFront Distribution. Resource types are represented like aws_cloudfront_distribution. Expand the box below for a list of all available resource types and their VQL equivalents. 
resources.provider = 'aws' AND (resources.type != 'aws_cloudfront_distribution')

Costs by Label

Resource costs by specific label. 
resources.provider = 'aws' AND resources.label = '123456'

Costs for Specific ARN

The UUID is the unique identifier for the resource. In the case of AWS resources, this is the ARN. The below example shows a query for resources that contain specific text within the ARN. 
resources.provider = 'aws' AND resources.uuid LIKE '%arn:aws:s3:::my-bucket%'

Resource Metadata Costs

Resource metadata costs require both provider and type as well as metadata. Metadata uses a specific syntax (e.g., resources.metadata->>'domain' = 'vantage.sh'). 
resources.provider = 'aws' AND (resources.type = 'aws_cloudfront_distribution' AND resources.metadata->>'domain' = 'vantage.sh')

Filter by Tag

Filter resources based on a specific tag, such as terraform, with the value true, in AWS. 
resources.provider = 'aws' AND (tags.name = 'terraform' AND tags.value = 'true')

Filter for Untagged Resources

On providers that have a Not Tagged filter option in the console, you can use the below VQL to see untagged resources. This example looks for untagged resources in a multi-cloud environment. 
resources.provider = 'gcp' AND tags.name = NULL) OR (resources.provider = 'aws' AND tags.name = NULL