MeshOptixIQ
Platform Pricing Docs About Sign Up

Query Registry (v1)

The standard API surface for questioning the network graph.

The v1 registry contains 109 queries across 20 categories. Queries marked Pro+ require a Pro or Enterprise license. Queries marked Enterprise require an Enterprise license.

License Requirements for Query Execution

  • Pro or Enterprise plan required for all POST /queries/{name}/execute calls. Community and Starter plans receive 403 Forbidden.
  • Firewall category queries (firewall_rules_by_device, firewall_rules_by_zone_pair, path_analysis, all_firewall_devices, deny_rules_summary) additionally require the firewall_queries plan flag.
  • update_device_metadata (NetBox pull) additionally requires the netbox_sync plan flag.
  • Routing category queries (bgp_peers, bgp_topology, bgp_peers_down) require the bgp_intelligence plan flag (Pro+).
  • Interface Metrics queries (interface_metrics, link_utilization) require the server_metrics plan flag (Pro+).
  • InfiniBand & GPU and NCCL queries (ib_topology, ib_ports_down, dcgm_gpu_health, nccl_jobs, nccl_flows_by_job, nccl_top_talkers) require the nccl_visualization plan flag (Enterprise only).
  • The 403 response body includes the query name for easier debugging.

Check your plan and expiry at any time: GET /health/license (no auth required) or meshq license.

Topology

device_neighbors

topology

Devices directly connected to a given device (via CDP/LLDP).

Input: device_name (string)

interface_neighbors

topology

Interfaces connecting two specific devices.

Input: device_a (string), device_b (string)

topology_edges

topology

Return all device-to-device connections across the full graph. Use for bulk export or rendering the complete topology map.

Input: None

topology_neighborhood

topology

N-hop BFS subgraph rooted at a given device. Returns all devices and links within the specified hop depth. Pro+

Input: device (string), depth (integer, default 2)

lldp_neighbors

topology

All LLDP-discovered adjacencies across the network.

Input: None

Endpoints

locate_endpoint_by_ip

endpoints

Trace the physical switch port location of an endpoint by IP address. Results include the vrf field.

Input: ip (string), vrf (string, optional)

locate_endpoint_by_mac

endpoints

Trace the physical switch port location of an endpoint by MAC address.

Input: mac (string)

endpoints_on_interface

endpoints

List all endpoints (MAC/IP) connected to a specific interface.

Input: device (string), interface (string)

Blast Radius

blast_radius_interface

blast_radius

Identify all endpoints that would be impacted if an interface goes down.

Input: device (string), interface (string)

blast_radius_device

blast_radius

Identify all endpoints that would be impacted if a device goes down.

Input: device (string)

blast_radius_vlan

blast_radius

List all endpoints operating within a specific VLAN.

Input: vlan (integer)

blast_radius_subnet

blast_radius

List all endpoints dependent on a specific IP subnet.

Input: cidr (string)

Addressing

ips_in_subnet

addressing

List all IP addresses currently allocated within a subnet. Results include the vrf field; pass vrf to filter to a specific routing instance.

Input: cidr (string), vrf (string, optional)

subnets_on_device

addressing

List Layer-3 subnets present on a specific device.

Input: device (string)

orphaned_ips

addressing

Identify IPs configured on interfaces that do not belong to any known subnet. Results include the vrf field.

Input: vrf (string, optional)

Hygiene

devices_without_neighbors

hygiene

Identify isolated devices that have no detected neighbors (potential config issue).

Input: None

interfaces_without_ips

hygiene

List Layer-3 interfaces that are up but have no IP address assigned.

Input: None

endpoints_without_location

hygiene

List endpoints that could not be traced to a physical switch port.

Input: None

devices_missing_os_version

hygiene

Devices with no OS version recorded (hygiene check).

Input: None

devices_missing_hostname

hygiene

Devices with generic or placeholder hostnames.

Input: None

interfaces_no_description

hygiene

Interfaces with no description set (audit check).

Input: None

duplicate_ip_addresses

hygiene

IP addresses assigned to more than one interface.

Input: None

Inventory

all_devices

inventory

Return all discovered devices with vendor, model, OS version, and serial number.

Input: None

summary_stats

summary

Aggregate counts across the full graph: devices, interfaces, endpoints, VLANs, and firewall rules. Used by the dashboard summary cards.

Input: None

update_device_metadata

inventory Pro+ netbox_sync

Pull metadata from NetBox onto Device graph nodes: site, tenant, and rack fields. Requires the netbox_sync plan flag in addition to api_access.

Input: hostname (string), nb_site (string), nb_tenant (string), nb_rack (string)

Firewall Pro+

Firewall policy queries require a Pro or Enterprise license.

firewall_rules_by_device

firewall

Retrieve all firewall rules for a specific device, ordered by rule sequence number.

Input: hostname (string)

firewall_rules_by_zone_pair

firewall

Return rules across all firewalls that match a given source and destination zone pair.

Input: src_zone (string), dst_zone (string)

path_analysis

firewall

Find the first-matching firewall rule per device for traffic between two IP addresses. Protocol and destination port are optional filters.

Input: src_ip (string), dst_ip (string), protocol (string, optional), destination_port (integer, optional)

all_firewall_devices

firewall

Return all devices that have at least one collected firewall rule, with rule counts.

Input: None

deny_rules_summary

firewall

Return all deny/drop/reject rules across every firewall, with device and rule metadata.

Input: None

Routing Pro+

BGP routing queries require a Pro or Enterprise license (bgp_intelligence flag).

bgp_peers

routing Pro+

BGP peer sessions on a device.

Input: device (string), state (string, optional — filter by BGP state)

bgp_topology

routing Pro+

All BGP peering relationships across the network.

Input: None

bgp_peers_down

routing Pro+

BGP peers NOT in the Established state — hygiene check.

Input: None

InfiniBand & GPU Enterprise

InfiniBand fabric and GPU health queries require an Enterprise license (nccl_visualization flag).

ib_topology

infiniband Enterprise

InfiniBand fabric topology: all IB ports and peer connections.

Input: None

ib_ports_down

infiniband Enterprise

IB ports NOT in Active state — health check for fabric issues.

Input: None

dcgm_gpu_health

infiniband Enterprise

DCGM GPU metrics per server: utilization, memory, power, temperature.

Input: device (string, optional)

Interface Metrics Pro+

Interface traffic metrics require a Pro or Enterprise license (server_metrics flag).

interface_metrics

metrics Pro+

Traffic counters on a device's interfaces.

Input: device (string), interface (string, optional)

link_utilization

metrics Pro+

Top links ranked by utilization percentage.

Input: None

NCCL / Training Jobs Enterprise

NCCL collective communication and AI training job queries require an Enterprise license (nccl_visualization flag).

nccl_jobs

nccl Enterprise

All active NCCL training jobs with framework, device list, and start time.

Input: None

nccl_flows_by_job

nccl Enterprise

Collective communication flows for a specific training job.

Input: job_id (string)

nccl_top_talkers

nccl Enterprise

Top GPU server pairs ranked by bytes transferred.

Input: None