This section describes how you can use search queries to perform a more specific search.

To search using search queries

  1. Enter a search query in the Search query field, or click on an entry in the table.

    To search, enter a valid search field followed by a value, using the search field: VALUE format. For example, if you enter protocol: SSH, the search returns all the SSH sessions.

    TIP: Search is case insensitive. To make the search case sensitive, enclose the search keywords in double quotes.

    The search queries can include only alphanumerical characters. You can use complex expressions and boolean operators, for example, AND, OR, <, >, and so on.

    For the list of search fields that you can use, see List of available search queries in the Administration Guide.

    For more information on how to use more complex keyphrases that are not covered in this guide, see the Apache Lucene documentation.

    There are search fields that are not displayed but you can still use them to query the sessions. For example, you can search for active connections using the active search field, and search results are listed accordingly, but there is no active field displayed in the search table or in the Overview, Details, and Timeline tabs.

    Figure 126: Sessions — Search queries

    Alternatively, click and set the filters you need from the appropriate columns. For example, to search for a specific username, select it using the drop-down menu of the Username column. For a more generic search, you can enter any text in the Contains text column.

    Figure 127: Sessions — Search filters - Basic view

  2. After specifying the relevant query, click Search or press Enter.

    TIP: To save the queries for future use, simply save the URL or bookmark it in your browser.

Expected result

Session metadata is displayed in columns that you can query for any parameter, or a combination of parameters. The metadata appears in the search columns and also as fields in the Overview, Details, and Timeline tabs.