Investigations
      Back to home
      1. Help Center
      2. CloudNine Analyst
      3. Investigations

      CloudNine Analyst: Search Options Available in CloudNine Analyst

      Search Types

      Overview on Searching 

      For a general overview of navigation, search fields, case sensitivity, wildcards, fuzziness, and boolean operators:
       

      Has the Word or Phrase

      Highlight hits that match the searched word or phrase verbatim. 
      Has the Word or Phrase does not search for special characters or wildcards.
       
      Has Any of the Words (OR), Has All of the Words (AND)
      CloudNine Analysts supports the following single query strings:
      Any of the words/phrases (OR) - search results are returned for any of the words or phrases entered.
      All of the words/phrases (AND) - search results are returned for all of the individual words in a search term.

      Boolean Operators and Wildards

      Boolean operators in the single query strings must be capitalized and written in word format (OR, AND).
       
      Quote marks, wildcards, and special characters can be used in both single query strings.
       
      Supported characters:
      =       &     ~     
      !      *      ?
      :      ^      "
      { }      (  )      | |
      \ /      > <      [ ]
       
      + and - are not supported by the two search types.
       
       
      To learn more about quote marks, wildcards, and special characters, please visit this article:

       https://support.esianalyst.com/portal/en/kb/articles/search-functions-in-esi-analyst
       
       
       

      Starts With/Ends With the Word

      Highlights messages in which the searched term appears at the beginning or end of a field or file path. 
      Does not search for special characters.
       
       

      Regular Expression Search

      CloudNine Analyst's engine is Apache Lucene. We support common standards but we do not support line endings (^ and $).
       
      The following characters are reserved as operators:   . ? + * | { } [ ] ( ) " \ # @ & < > ~
       
      To use one of these characters literally, escape it with a preceding backlash, or surround it with double-quotes.
      Eg:
      \@ renders as a literal '@'
      \\ renders as a literal '\'
       
      Patterns include special characters in sequence to derive results from the content.
      For more information on Regular Expression syntax, visit this article: https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html
       

      Full Query String

      The Full Query String is ESI Analyst's most powerful and inclusive search type.
       
      Unlike the single query strings, the full query string also allows you to use plus and minus signs as Boolean operators (+, -). 
       
      Supports quote marks, single and multiple character wildcards, boolean operators, and fuzziness.
       
      Full Query String special characters include:
      +      -      =
      &     ~      !      *
      ?      :      ^      "
      { }      (  )      | |
      \ /      > <      [ ]