Viewing Search Results - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

Special characters must be escaped by using a \ symbol:
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \
The advanced search criteria are modeled on the search criteria for the Apache* Lucene* open
source package. More detail about the search criteria is available on the Web: Lucene Query Parser
Syntax (http://lucene.apache.org/java/2_3_2/queryparsersyntax.html).
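
The escaping rule above matters most when a search is built from an observed value such as an address, path, or message fragment. The following is an added example, not part of the manual or of Sentinel: the function names, the field names `msg` and `src`, and the sample values are assumptions made for illustration.

```python
# Special characters from the list above. "&&" and "||" are two-character
# operators, so a lone "&" or "|" is left as it is.
SINGLE_SPECIALS = set('+-!(){}[]^"~*?:\\')
PAIR_SPECIALS = ("&&", "||")


def escape_term(value: str) -> str:
    """Return value with every listed special character preceded by a backslash."""
    out = []
    i = 0
    while i < len(value):
        if value[i:i + 2] in PAIR_SPECIALS:
            # Escape both characters of the operator so neither half is parsed.
            out.append("\\" + value[i] + "\\" + value[i + 1])
            i += 2
        elif value[i] in SINGLE_SPECIALS:
            out.append("\\" + value[i])
            i += 1
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def field_query(field: str, value: str) -> str:
    """Build field:value; values containing whitespace become a quoted phrase."""
    escaped = escape_term(value)
    if any(ch.isspace() for ch in value):
        return f'{field}:"{escaped}"'
    return f"{field}:{escaped}"


if __name__ == "__main__":
    # Constructed sample values, not taken from real events.
    samples = [
        ("src", "fe80::1"),               # colons would be read as field separators
        ("msg", "(1+1):2"),               # grouping, required-term and field syntax
        ("msg", "C:\\Windows"),           # backslash is itself a special character
        ("msg", 'login "failed" a&&b'),   # whitespace, quotes and a boolean operator
    ]
    for field, value in samples:
        print(field_query(field, value))
```
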

1.4.2 Viewing Search Results

Searches return a set of events. Users can view basic or detailed event information and configure the
number of results per page. Search results are returned in batches. The default batch size is 25
results, but this is easily configured.
When results are sorted by relevance, only the top 100,000 events can be viewed. When they are
sorted by time, this limitation does not exist.
"Basic Event View"
"Event View with Details"
"Refining Search Results"
Basic Event View
The information in each event is grouped into initiator information and target information. If data
isn't available for a particular event field, the field is labeled Unknown.
Figure 1-6 Basic Event View
Occasionally, the search engine might index events faster than they are inserted into the database. If
you run a search that returns events that have not been inserted into the database, you get a message
that some events match the search query but could not be found in the database. If you run the search
again later, the events are usually in the database and the search is successful.
Sentinel 6.1 Rapid Deployment User Guide