You can use the visual builder to search for specific event and flow data without any
knowledge of Ariel Query Language (AQL).
Procedure
1. From the navigation menu, click Search, and select the Visual builder tab.
2. If you want to enable quick filtering of simple terms from your results, toggle the Quick Filter switch, type a value to filter, and press Enter.
3. Select a boolean IF operator for your condition set.
   - AND includes only data that meets all of the conditions in your set.
   - OR includes data that meets any of the conditions in your set.
4. Select a Condition to search for. Examples include source or destination IP addresses, geographic locations, event names, log sources, and many more.
5. Select an Operator, such as Equals, Does not equal, or a value specific to that condition.
6. Type or select a Value, or use the toggle icon to display child values.
7. To add more conditions to your set, click Add another condition, then repeat Steps 4 - 6 to define each condition.
8. To add another condition set to your query, click Add condition set, select the AND or OR boolean operator, then repeat Steps 4 - 6 to define each condition in the new set.
9. After you finish defining conditions, click Run Search.