Skip to main content

Exabeam SearchExabeam Search Guide

Query by Context Table

You can search inside any field and compare the values to values in up to two context tables. For example, you might want to search the logs for events involving vendors that match to any vendor listed in one or two specific context tables.

Note

See Context Tables in Search for more information, including rules and limitations.

Examples of valid query syntax:

  • fieldName IN "nameofcontexttable"

  • fieldName IN "nameofcontexttable1" AND fieldName IN "nameofcontexttable2"

  • fieldName : "value" AND fieldName IN "nameofcontexttable"

  • fieldName : "value" AND fieldName IN "nameofcontexttable1" AND fieldName IN "nameofcontexttable2"

  • (fieldName1 : "value1" OR fieldName2 : "value2") AND fieldName IN "nameofcontexttable"

  • (fieldName1 : "value1" OR fieldName2 : "value2) AND (fieldName3: "value3" OR fieldName4 : "value4) AND fieldName IN "nameofcontexttable"

  • (fieldName1 : "value1" OR fieldName2 : "value2") AND (fieldName3 : "value3" OR fieldName4 : "value4") AND NOT fieldName IN :nameofcontexttable" 

  • (fieldName1 : "value1" OR fieldName2 : "value2")  AND NOT (fieldName3 : "value3" OR fieldName4 : "value4") AND fieldName IN "nameofcontexttable"

Examples of invalid query syntax:

  • (fieldName1 : "example1" AND fieldName2 : "example2") OR fieldName IN "nameofcontexttable"

    Note

    OR is not allowed with a context table.