- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Dashboard Visualizations
Performing Searches
On the Search home page, you can choose between different search modes. The syntax for Search is similar to the Lucene query language.
Note
Search conforms to the Common Information Model (CIM). For more information, see the Security Content documentation.
To select a search mode, click the Search mode drop down menu, on the left just below the search bar. The search bar appearance will change depending on which of the following modes you select:
Basic – Use the prebuilt lists of subjects, vendors, products, and fields to build a query that will search your data.
Advanced – Use the Exabeam Query Language (EQL) syntax and operators to construct your own complex queries.
Natural Language – Use plain language to enter a search prompt.
For more information about the using the search bar and its controls, see Search Bar.