Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Methods of Searching

Basic Search

Analyze > Search

Enter your search terms and select the time range

Example:

applicationProtocol="DHCP" AND deviceAction="DHCPACK" AND destinationAddress = "130.64.205.133"

Advanced Search

Analyze > Search > Advanced Search

This is basically just a "Query Builder." It works exactly the same way as Basic Search. It just assists you to create a search string to input for a Basic Search.

Operators:

&&

AND

||

OR

!

NOT

Saving a Search

ArcSight calls saved searches by 2 labels:

As a filter
A Filter saves the query expression, but does not save the time range or the field set information.

As a "saved search"
A saved search saves the query expression and the time range that you specified.

A filter is a subset of the saved search, and is the "wussier" version of a "saved search"

FAQ

What does the Star icon do?

It's the "search analyzer." It examines your query to see if it is optimized (ie. will it run fast?). An optimized query will use indexed columns for searching. The star makes you think it would do something awesome. But it doesn't :(

How do I reduce the number of result columns I get?

Use fieldsets. You can select what you want with "Fields: ..."

As an example, try the "DMCA_1" fieldset. Or click customize... to define your own.


  • No labels

Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.