Using Lucene Query Techniques for Search

 

Introduction

This article provides advanced search examples that use the techniques and capabilities of the Lucene query language in the search section.

 

Advanced Search with Lucene

The screenshot below shows an example search using the criteria: "source IP address must be in the 10.10.100.0/24 or 192.168.250.0/24 subnet group, target port must be 443, protocol must not be TCP, and the search date range must not include times between 00:00 and 08:59 on the relevant day."

1.png
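The criteria above can be assembled into a Lucene query string as in the following added example, which is not Logsign's own code and not the query from the screenshot. The field names (`Source.IP`, `Destination.Port`, `Protocol.Name`, `Time.Hour`) are hypothetical placeholders, and the subnet ranges assume the IP field is indexed as an IP type.

```python
import ipaddress

# Hypothetical field names: the article's screenshot is not available, so
# replace these with the field names your own index uses.
F_SRC_IP = "Source.IP"
F_DST_PORT = "Destination.Port"
F_PROTO = "Protocol.Name"
F_HOUR = "Time.Hour"


def cidr_to_range(field, cidr):
    """Express an IPv4 subnet as an inclusive Lucene range clause.

    Assumes the field is indexed as an IP type, so the range is compared
    numerically and not as a string.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("IPv6 addresses contain ':' and need escaping")
    return f"{field}:[{net.network_address} TO {net.broadcast_address}]"


def build_query(subnets, dst_port, excluded_proto, quiet_hours):
    """Build the query for the first scenario described in the article."""
    if not subnets:
        raise ValueError("at least one subnet is required")
    if not excluded_proto.isalnum():
        # Refuse operators or whitespace that would change the query logic.
        raise ValueError("protocol name must be alphanumeric")
    first_hour, last_hour = quiet_hours
    if not 0 <= first_hour <= last_hour <= 23:
        raise ValueError("quiet_hours must be (first, last) within 0..23")
    # The OR alternatives are parenthesised so the AND / NOT clauses that
    # follow apply to the whole subnet group, not only to the last subnet.
    src = "(" + " OR ".join(cidr_to_range(F_SRC_IP, s) for s in subnets) + ")"
    return " AND ".join([
        src,
        f"{F_DST_PORT}:{int(dst_port)}",
        f"NOT {F_PROTO}:{excluded_proto}",
        f"NOT {F_HOUR}:[{first_hour} TO {last_hour}]",
    ])


if __name__ == "__main__":
    print(build_query(["10.10.100.0/24", "192.168.250.0/24"], 443, "TCP", (0, 8)))
```

Without the parentheses around the subnet group, default operator precedence would bind the port, protocol and time conditions to the second subnet only, and every record from the first subnet would match.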

 

In the screenshot below, the results are filtered to data that includes columns for both source MAC address and source IP address, and are limited to users named Administrator or users whose username does not end with the "$" symbol.

Search26.png
