- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Dashboard Visualizations
Search and View Anomalies
You can search anomaly events in any search mode available from the search bar. When you find an anomaly of interest, open the Event Details pane to view all the available fields, and if needed, build a query with their values.
To find all of the anomalies within a selected time range, select the Advanced search mode from the drop down menu under the search bar and enter the following query: alert_source: "anomaly". Then click Search.
To find specific types of anomalies, use the Anomalies fields available in the Basic search mode as follows:
Select the Basic search mode from the drop down menu under the search bar. The query builder panel opens.
Click the Anomalies tab.
Click an anomaly field and enter a search value to begin building your query.
Note
By including an anomaly field in your query, search results include only anomaly events.
Continue to build your query as needed, and then click Search.
For information on building queries, see Basic Search.
For information about working with the search results, see Interact with Anomaly Search Results