...
Find examples and basic search fields via ArcSight Logger - Commonly Used Event Fields
Basic Search
Analyze > Search
...
A filter is a subset of the saved search, and is the "wussier" version of a "saved search".
Downloading Finished Saved Searches
- Click on the Configuration tab.
- Select the "Saved Search" link on the left-hand toolbar.
- Click on the "Saved Search Files (logger)" internal tab.
- Find your saved search and click on the name to download the CSV file.
Advanced Usage
ArcSight documents how to write queries, including regular expressions, in the internal documentation available here:
FAQ
What does the Star icon do?
...