...
1. Go to Data search and select the Global search tab.
2. Enter the expression you want to search for. You can use standard AND and OR operators, use an asterisk ( * ) as a wildcard, or quotation marks ( "" ) to indicate exact expressions. For example: user1@domain.com OR user2@domain.com AND "illegal access" AND *apache
3. Click to open the time menu and select the time period over which you want to search (see the section below for more info).
4. Select the tables that you wish to search. Note that, by default, all tables are selected, and switching off one of them will switch off the Select all tables option.
5. Hit the
...
Note: Activity shown
To avoid long loading times, the global search only returns events from data tables that had some activity in the last 7 days.
...
You can set a time interval following the steps described in the picture below.
You can also introduce time ranges manually using date language expressions, which gives you more flexibility and precision when searching your data. Simply click on the date field and write the desired time expression or edit the existing one. The field turns red and an explanatory message appears until a valid date is entered. Click Apply when you finish. When the and the expressions will be translated into the corresponding dates.
You can use a mix of both absolute and date language expressions in any given time range (for example, the to date can be relative and the from date absolute, and vice versa). For date language expressions, the current moment "now()" is used as the reference point.

Operators

You can establish absolute dates in the required format:
With date language expressions, use a series of mathematical operations to move away from the current time which is used as the reference point. You can use multiple operators at once and the execution order is from left to right:

Time expressions

Let's suppose the current time (which we refer to as "now()") is Sunday, 05 February 2017, 13:37:05. The table below shows the resulting time when different expressions are applied. Note that this isn't an exhaustive list:
...