Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Searching with the Visual Query Builder

You can use the visual builder to search for specific event and flow data without any knowledge of Ariel Query Language (AQL).

  1. From the navigation menu, click Search, and select the Visual builder tab.

  2. If you want to enable quick filtering of simple terms from your results, toggle the Quick Filter switch, type a value to filter, and press Enter.

  3. Select a boolean IF operator for your condition set.

    • AND includes only data that meets all of the conditions in your set.

    • OR includes data that meets any of the conditions in your set.

  4. Select a Condition to search for.

    Examples include source or destination IP addresses, geographic locations, event names, log sources, and many more.

  5. Select an Operator, such as Equals, Does not equal, or a value specific to that condition.

  6. Type or select a Value, or use the toggle icon to display child values.

  7. To add more conditions to your set, click Add another condition, then repeat Steps 4 to 6 to define each condition.

  8. To add another condition set to your query, click Add condition set, select the AND or OR boolean operator, then repeat Steps 4 to 6 to define each condition in the new set.

  9. After you finish defining conditions, click Run Search.