Methods of Searching
Basic Search
Analyze > Search
Enter your search terms and select the time range
Example:
applicationProtocol="DHCP" AND deviceAction="DHCPACK" AND destinationAddress = "130.64.205.133"
Advanced Search
Analyze > Search > Advanced Search
This is basically just a "Query Builder." It works exactly the same way as Basic Search; it only helps you build the search string that you would otherwise type into a Basic Search.
Operators:
&&    AND
||    OR
!     NOT
...
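The Advanced Search builder only produces a string, so the same string can be assembled in a script when many addresses have to be looked up. The sketch below is an added example, not ArcSight code: the helper names are hypothetical, the 192.0.2.x addresses are constructed, and parenthesised OR groups are assumed to be accepted by the search box.

```python
import ipaddress

# Field names and values below are copied from the page's example query.
PROTO = "applicationProtocol"
ACTION = "deviceAction"
DST = "destinationAddress"


def term(field, value):
    """Return one field="value" term, refusing input that would break the quoting."""
    if not field.isidentifier():
        raise ValueError(f"bad field name: {field!r}")
    if any(c in value for c in '"\\\r\n'):
        raise ValueError(f"value cannot be quoted safely: {value!r}")
    return f'{field}="{value}"'


def any_of(terms):
    """OR terms together; parenthesised (assumed grouping syntax) when more than one."""
    terms = list(terms)
    if not terms:
        raise ValueError("need at least one term")
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"


def normalise(addr):
    """Accept only IP literals; ipaddress raises ValueError for anything else."""
    return str(ipaddress.ip_address(addr.strip()))


def dhcp_query(addresses=(), exclude=(), action="DHCPACK"):
    """Search string for DHCP events, optionally limited to or excluding addresses."""
    parts = [term(PROTO, "DHCP"), term(ACTION, action)]
    if addresses:
        parts.append(any_of(term(DST, normalise(a)) for a in addresses))
    parts += ["NOT " + term(DST, normalise(a)) for a in exclude]
    return " AND ".join(parts)


if __name__ == "__main__":
    # 130.64.205.133 is the page's address; the 192.0.2.x ones are constructed.
    print(dhcp_query(["130.64.205.133"]))
    print(dhcp_query(["130.64.205.133", "192.0.2.10"]))
    print(dhcp_query(exclude=["192.0.2.1"]))
```

Rejecting quotes and non-IP input keeps a pasted value from changing the logic of the query that ends up in the search box.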
Saving a Search
ArcSight saves a search under one of 2 labels:
As a filter
A filter saves the query expression, but does not save the time range or the field set information.
As a "saved search"
A saved search saves the query expression and the time range that you specified.
A filter is a subset of a saved search, and is the "wussier" version of a "saved search".