Search Help Query Builder

The Search experience in the Alert Logic console lets you perform basic and advanced searches across different data types. The Search feature offers a flexible way to structure advanced queries, using fields and predefined expressions to help you find and organize the messages most relevant to your investigation.

The Alert Logic console provides a help library of search fields that you can add to your query when Search is in Expert mode. This lets you quickly build effective searches that address your organization's security concerns and goals. You can then save and schedule your searches for later use with the Saved Searches feature. To learn more about the Saved Searches feature, see Saved and Scheduled Searches.

To access the Search page, click the menu icon, and then click Investigate. Click Search, and then click the Search tab.

About search help

You have access to all the search fields in the help library. When you insert a search field, you must replace its placeholder text with values relevant to your search.

The fields are organized by data type. Use the search box and the field drop-down list to narrow down the search fields available for a given data type.

To use a search field:

  1. On the Search page, use the drop-down list to switch to Expert Mode.
  2. Place your cursor in the query where you want the field placed.
  3. Click Help.
  4. Select and expand the data type that contains the search field you want to use.
  5. Click the search field you want to use.
  6. Replace the placeholder text with values relevant to your search.
  7. Click SEARCH.

After you enter your values into a search template, you can choose to save and schedule the search for future use. For more information, see Saved and Scheduled Searches.