User Guide
Searching Alerts

You can search for alerts using the search bar above the Alerts table. The search tool uses the Lucene query syntax, which supports a rich query language. For more information, see Apache Lucene - Query Parser Syntax.

  1. To search on an item that is displayed in the Alerts table, click the item. It then appears in the Searches field.

    Figure 5.2. Searches Field

  2. You can also directly type in the Searches field to enter search criteria.

    For example, you can enter source:type:snort.

  3. To remove an item from the Searches field, hover over it until an x appears at the end of the text. Click the x to remove the search filter and the operator following or preceding it.

  4. To clear the entire Searches field, click the x at the end of the field.