Apologies for the dummy question 
I am working on a relevance which would match the systems which have the running process with parameter containing “xyz”.
This seem like a good start - shows the parameters of all the processes:
Q: command line arguments of processes
I need to add which contains “xyz” but can’t figure out the syntax 
Thank you,
Aleksandr
Assuming non-windows, try:
q: (name of it, command line argument of it) of processes whose (command line argument of it contains "xyz")
Thank you!
This brings me a step closer to my goal
Works as expected when the process has only one parameter:
[root@h0000279 ~]# ps -ef | egrep rpc.statd
rpcuser 1492 1 0 Aug11 ? 00:00:00 /usr/sbin/rpc.statd --no-notify
root 12713 3131 0 10:40 pts/0 00:00:00 grep -E --color=auto rpc.statd
[root@h0000279 ~]#
[root@h0000279 ~]# /opt/BESClient/bin/qna
Default masthead location, using /etc/opt/BESClient/actionsite.afxm
Q: (name of it, command line argument of it) of processes whose (command line argument of it contains “–no-notify” )
A: rpc.statd, --no-notify
T: 27884
Q: ^C
[root@h0000279 ~]# ps -ef | egrep rpcbind
rpc 1482 1 0 Aug11 ? 00:00:00 /sbin/rpcbind -w
root 12753 3131 0 10:41 pts/0 00:00:00 grep -E --color=auto rpcbind
[root@h0000279 ~]# /opt/BESClient/bin/qna
Default masthead location, using /etc/opt/BESClient/actionsite.afxm
Q: (name of it, command line argument of it) of processes whose (command line argument of it contains “-w” )
A: rpcbind, -w
T: 23994
Q: ^C
[root@h0000279 ~]#
Doesn’t works when I specify fragment of the parameter(s):
[root@h0000279 ~]# ps -ef | egrep ntp
ntp 896 1 0 Aug11 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -u ntp:ntp -p /var/run/ntpd.pid -g
root 12822 3131 0 10:42 pts/0 00:00:00 grep -E --color=auto ntp
[root@h0000279 ~]#
[root@h0000279 ~]# /opt/BESClient/bin/qna
Default masthead location, using /etc/opt/BESClient/actionsite.afxm
Q: (name of it, command line argument of it) of processes whose (command line argument of it contains “ntpd.pid” )
T: 30550
Q: ^C
[root@h0000279 ~]#
Thank you,
Aleksandr
We may fix that with a plural
q: (names of it, command line arguments of it) of processes whose (command line argument of it contains "xyz")Thanks for looking! Still unable to select process by parameter in relevance 
Changing “argument” to “arguments” does allow to see all the arguments in qna - “Singular expression refers to non-unique object” goes away.
Thank you,
Aleksandr
[root@h0000279 ~]# ps -ef | egrep “ntp”
ntp 16116 1 0 Aug14 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -u ntp:ntp -p /var/run/ntpd.pid -g
root 19806 13982 0 09:38 pts/0 00:00:00 grep -E --color=auto ntp
[root@h0000279 ~]# /opt/BESClient/bin/qna
Default masthead location, using /etc/opt/BESClient/actionsite.afxm
Q: (name of it, command line argument of it ) of processes whose ( name of it contains “ntp” )
A: ntpd, -u
E: Singular expression refers to non-unique object.
T: 14345
Q: (name of it, command line arguments of it ) of processes whose ( name of it contains “ntp” )
A: ntpd, -u
A: ntpd, ntp:ntp
A: ntpd, -u
A: ntpd, ntp:ntp
A: ntpd, -p
A: ntpd, /var/run/ntpd.pid
A: ntpd, -g
T: 11627
Q: (name of it, command line arguments of it ) of processes whose ( command line argument of it contains “ntp” )
T: 10965
Q: (name of it, command line arguments of it ) of processes whose ( command line argument of it contains “-p” )
T: 12079
Q: ^C
[root@h0000279 ~]#
Ok I did a little bit of checking. Each command-line argument ends up being an additional result. So to filter them, you’ll need ‘exists command line argument whose (it matches “something”) of it’ and to display all the arguments you need to concatenate the plural results with spaces.
Q: (name of it, pid of it, concatenation " " of command line arguments of it) of processes whose (exists command line argument whose (it contains "--factory") of it)
A: evolution-calendar-factory-subprocess, 8392, --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.Calendarx8253x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/8253/2
A: evolution-addressbook-factory-subprocess, 8518, --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.AddressBookx8491x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/AddressBook/8491/2
A: evolution-calendar-factory-subprocess, 24967, --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.Calendarx24870x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/24870/2
A: evolution-addressbook-factory-subprocess, 25006, --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.AddressBookx24983x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/AddressBook/24983/2
T: 46687
Another way to word the query with fewer parentheses is
Q: (name of it, pid of it, concatenation " " of command line arguments of it) of processes whose (exists substring "factory" of command line arguments of it)
Jason,
Thank you, this looks great!
[root@h0000279 ~]# ps -ef | egrep ntp
ntp 16116 1 0 Aug14 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -u ntp:ntp -p /var/run/ntpd.pid -g
root 30972 13982 0 12:42 pts/0 00:00:00 grep -E --color=auto ntp
[root@h0000279 ~]#
[root@h0000279 ~]# /opt/BESClient/bin/qna
Default masthead location, using /etc/opt/BESClient/actionsite.afxm
Q: (name of it, concatenation " " of command line arguments of it ) of processes whose ( command line argument of it contains “ntp” )
T: 17818 # my “old way” , doesn’t work
Q: (name of it, concatenation " " of command line arguments of it ) of processes whose (exists substring “ntp” of command line arguments of it)
A: ntpd, -u ntp:ntp -u ntp:ntp -p /var/run/ntpd.pid -g
T: 13334 # your suggestion - works as desired!
Q: exist processes whose (exists substring “ntp” of command line arguments of it)
A: True
T: 11219
Q: ^C
[root@h0000279 ~]#
Thank you,
Aleksandr