VAST query language (or VASTQL) allows for flexible extraction of events. It is currently limited to the expression language to filter a subset of data.
Moving forward, we plan to go beyond pure filter and add a pipeline-style dataflow processing engine. This engine exists partially today to transform data, but needs further work to be available for user queries.
The basic idea is that a query consists of two connected pieces: a dataset to represent a data source and a pipeline as a squence of operators to process the data.
To date, a VAST expression takes the role of a dataset and the pipeline is a
transformation. VAST implements a few operators as custom commands, such as
explore. Stay tuned.