Securolytics

            Advanced Search

            The following are advanced searches that can be used in CloudSIEM SearchEverything


            Time Range Search

            Search a specific time range with the @timestamp field. Timestamps are written as yyyy-MM-dd'T'HH:mm:ss, and the two bounds of the range are enclosed in square brackets and separated by TO.

            NOTE: The date and time parts of each timestamp are separated by a T.

            Example:

            @timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]

            Text AND/OR/NOT Operators

            NOTE: Operators such as AND, OR, and NOT must be uppercase.

            AND Operator

            Separate two search terms with AND; the search returns only entries that contain both terms.

            Example:

            SearchTerm1 AND SearchTerm2

            OR Operator

            Separate two search terms with OR; the search returns entries that contain either term (or both).

            Example:

            SearchTerm1 OR SearchTerm2

            NOT Operator

            Place NOT before a search term to exclude entries that contain that term.

            Example:

            NOT SearchTerm1

            Nested Operators

            Group each sub-expression in parentheses ( ) and apply the AND/OR/NOT operators between the groups.

            Example:

            (SearchTerm1 AND SearchTerm2) OR (SearchTermA AND SearchTermB)

            Nested Functions with Time Range

            Append AND @timestamp:[...] to a nested search to restrict the combined result to a time range. Wrap the whole nested expression in its own parentheses so that the time range unambiguously applies to every group, not only to the last one.

            Example:

            ((SearchTerm1 AND SearchTerm2) OR (SearchTermA AND SearchTermB)) AND @timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]
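            As an added illustration of how these pieces combine (this is example code written for this page, not part of the article and not Securolytics code), the following Python evaluator parses queries in the syntax above and runs them over a few constructed log entries. The entries, the substring matching of bare terms, and the operator precedence it applies (NOT binds tighter than AND, which binds tighter than OR) are assumptions of the example; the SearchEverything parser's own precedence is not documented here, which is exactly why the fully parenthesized form of the last example is the safe one to send.

```python
import re
from datetime import datetime

# Constructed sample entries for the example (not real Securolytics data).
LOG_ENTRIES = [
    {"@timestamp": "2017-04-10T03:15:00", "message": "sshd failed password for root from 10.0.0.5"},
    {"@timestamp": "2017-04-10T09:30:00", "message": "sshd accepted publickey for admin from 10.0.0.7"},
    {"@timestamp": "2017-04-11T01:00:00", "message": "sshd failed password for root from 10.0.0.5"},
    {"@timestamp": "2017-04-12T12:00:00", "message": "sudo session opened for user root"},
]

TS_FMT = "%Y-%m-%dT%H:%M:%S"  # yyyy-MM-dd'T'HH:mm:ss, as used by @timestamp

# Tokens: parentheses, a whole @timestamp:[... TO ...] range, or any other word.
TOKEN_RE = re.compile(r"\(|\)|@timestamp:\[[^\]]+\]|[^\s()]+")


def tokenize(query):
    return TOKEN_RE.findall(query)


class Parser:
    """Recursive-descent parser. Assumed precedence: NOT > AND > OR.
    Only uppercase AND/OR/NOT are operators; lowercase forms are plain terms,
    and two adjacent terms with no operator between them are rejected."""

    def __init__(self, tokens):
        self.tokens, self.pos = tokens, 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def parse_or(self):
        left = self.parse_and()
        while self.peek() == "OR":
            self.take()
            left = ("OR", left, self.parse_and())
        return left

    def parse_and(self):
        left = self.parse_not()
        while self.peek() == "AND":
            self.take()
            left = ("AND", left, self.parse_not())
        return left

    def parse_not(self):
        if self.peek() == "NOT":
            self.take()
            return ("NOT", self.parse_not())
        return self.parse_atom()

    def parse_atom(self):
        tok = self.take()
        if tok is None:
            raise ValueError("unexpected end of query")
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        if tok.startswith("@timestamp:["):
            lo, hi = (s.strip() for s in tok[len("@timestamp:["):-1].split(" TO "))
            # Square brackets mean an inclusive range.
            return ("RANGE", datetime.strptime(lo, TS_FMT), datetime.strptime(hi, TS_FMT))
        if tok in ("AND", "OR", "NOT", ")"):
            raise ValueError(f"operator {tok!r} where a term was expected")
        return ("TERM", tok)


def matches(node, entry):
    kind = node[0]
    if kind == "TERM":  # assumed: case-insensitive substring match on the message
        return node[1].lower() in entry["message"].lower()
    if kind == "RANGE":
        return node[1] <= datetime.strptime(entry["@timestamp"], TS_FMT) <= node[2]
    if kind == "NOT":
        return not matches(node[1], entry)
    if kind == "AND":
        return matches(node[1], entry) and matches(node[2], entry)
    return matches(node[1], entry) or matches(node[2], entry)  # OR


def search(query, entries=LOG_ENTRIES):
    """Return the @timestamp of every entry the query selects."""
    tree = Parser(tokenize(query)).parse()
    return [e["@timestamp"] for e in entries if matches(tree, e)]


def parses(query):
    """True if the query is syntactically valid under this example's grammar."""
    try:
        Parser(tokenize(query)).parse()
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    unwrapped = "(failed AND root) OR (sudo AND root) AND @timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]"
    wrapped = "((failed AND root) OR (sudo AND root)) AND @timestamp:[2017-04-10T00:00:00 TO 2017-04-11T00:00:00]"
    print("unwrapped:", search(unwrapped))  # time range only restricts the second group
    print("wrapped:  ", search(wrapped))    # time range restricts both groups
```

            Running the two queries at the bottom shows the difference the outer parentheses make: without them the time range only restricts the second group and an entry from 11 Apr 01:00 slips through on the first one; with them only the 10 Apr entry survives. The lowercase query sshd and root is rejected rather than treated as an AND search, consistent with the note that operators must be uppercase.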

            Updated: 16 Apr 2019 09:56 AM