Keywords and Operators for Simple Searches
Both historical and real-time searches have a simple search option that searches for keywords in the raw ASCII text of event logs. You can use operators in your keyword searches to combine terms or create simple search filters.
Keyword Operators
You can use the operators AND, OR, AND NOT between keywords. If you enter more than one keyword, then AND is assumed as the operator between them. You can also use parentheses () to change the precedence of the operators.
Examples of Using Keyword Search Operators
Search String | Results |
TCP | Finds all events with TCP in the event logs |
TCP 80 | Finds all events with TCP and 80 in the event logs |
TCP AND (80 OR 443) | Finds all events with TCP and either 80 or 443 in the event logs |
TCP AND NOT 80 | Finds all events with TCP but not 80 |
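The following added example (not the product's own code) evaluates the four search strings from the table over constructed log lines, to show how implicit AND, AND NOT and parentheses select events. It assumes AND binds tighter than OR and that a keyword matches a whole token case-sensitively; the names `compile_query`, `search` and `LOGS` are hypothetical.

```python
import re

TOKEN = re.compile(r"\(|\)|[^\s()]+")  # a parenthesis, or a keyword/operator

def compile_query(query):
    """Turn a keyword query into a predicate over one raw log line."""
    toks, pos = TOKEN.findall(query) + [None], 0  # None marks end of input
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def term():
        tok = take()
        if tok == "(":
            inner = either()
            if take() != ")":
                raise ValueError("missing ')'")
            return inner
        if tok in (None, ")", "AND", "OR", "NOT"):
            raise ValueError(f"keyword expected, got {tok!r}")
        # Assumption: keywords match whole tokens of the line, case-sensitively.
        pat = re.compile(r"(?<!\w)" + re.escape(tok) + r"(?!\w)")
        return lambda s: pat.search(s) is not None
    def both():  # AND, AND NOT, and the implicit AND between adjacent terms
        left = term()
        while toks[pos] not in (None, "OR", ")"):
            if toks[pos] == "AND":
                take()
            negate = toks[pos] == "NOT" and take() == "NOT"
            left = (lambda a, b, n: lambda s: a(s) and b(s) != n)(left, term(), negate)
        return left
    def either():  # assumption: OR binds loosest unless parentheses say otherwise
        left = both()
        while toks[pos] == "OR":
            take()
            left = (lambda a, b: lambda s: a(s) or b(s))(left, both())
        return left
    pred = either()
    if toks[pos] is not None:
        raise ValueError("unbalanced ')'")
    return pred

# Constructed sample events, not taken from a real device.
LOGS = ["proto=TCP dport=80 action=permit", "proto=TCP dport=443 action=permit",
        "proto=UDP dport=53 action=permit", "proto=TCP dport=22 action=deny"]

def search(query):
    pred = compile_query(query)
    return [i for i, line in enumerate(LOGS) if pred(line)]
```

Under these assumptions, `search("UDP AND 53 OR 443")` and `search("UDP AND (53 OR 443)")` return different events, which is why a filter that mixes AND and OR should always be parenthesized.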
Quotes and Backslash Characters in Search Terms
If the search string contains quotation marks or backslash characters, you must escape them by prefixing them with a backslash character. For example, if you wanted to search for [location]="United States" then you would need to enter [location]=\"United States\" as your search string.