Product Documentation

Self-service search for access data

Use self-service search to get insight into access details of the Citrix Cloud users in your enterprise. Access data is collected for the users who have access to the Citrix Access Control service.

To use self-service search, from the Security tab, click Event Search.

localized image

You see the following self-service search page.

localized image

Access data and its timeline details are shown on the page. You can search and filter the data using the facets and search queries.

Use the following features on the self-service search page:

Use facets to filter your data

Facets are the summary of data points based on the data set. Use the facets to search and filter the users’ events. For example, you want to view the users who have accessed to dangerous URLs. Click Dangerous Access in the Reputation facet to get the users’ events corresponding to dangerous URLs.

Use the following facets that are associated to Access data set.

localized image

  • Reputation- Search events based on URL reputations such as clean, malicious, dangerous, or unknown websites.

  • Responder Action Type- Search events based on actions taken on users’ applications such as allow, block, and redirect.

  • Location- Search events based on users’ access locations.

  • URL Category Group- Search events based on categories of URL accessed such as adult, business, industry, computing.

  • Content Category- Search events based on categories of contents accessed such as application, image, and text.

  • Request- Search events based on HTTP methods such as GET, POST, PUT, DELETE.

  • Response- Search events based on HTTP response.

Use search to enter your query and filter your data

Use the search box to specify your search criteria and drill down to your data. The search box gives you a list of search suggestions. You can also use operators in your search queries.

The table describes the valid operators that you can use in your search query.

Operator Use Search syntax example Output
: Assigns a value to the search query User-Name : John Displays events for the user John
= Assigns a value to the search query User-Name = John Displays events for the user John
~ Searches similar terms User-Name ~ test Displays events having similar user names
<, > Searches for relational value Data Volume > 100 Displays events where data volume is greater than 100 GB
AND Searches events where both conditions are true User-Name : John AND Data Volume > 100 Displays events of user John where data volume is greater than 100 GB

For example, you want to view the test domains where data download is more than 2,000 GB. To view the events, you can specify your search query as follows:

  1. Place your cursor in the search box to get the list of search suggestions.

    localized image

  2. Or specify the required word in the search box to get the related suggestions.

    localized image

  3. Click Domain, the equal sign, and then specify the value. The value specified is test.

    localized image

    localized image

  4. Use the AND and > operators in your search query and click Search to get the result.

    localized image

Select time to view event

Select a preset time or specify a custom time range to view the events and time line details. Click Search to view the events for the selected time period. By default, the selected time period is the last one hour.

localized image

View the timeline details

The timeline details give a graphical representation of the access events for the selected time period. Move either of the selector bars to select the time period and view the events corresponding to the selected time period.

localized image

For example, you want to view the events that have occurred from 09:25 IST to 09:55 IST. Use the selector bars to select the time period. After you have selected the time period, the events corresponding to the selected time period is displayed.

localized image

View the event

You can view the detailed information about the user’s event. Click a user to get insight into the user’s data.

localized image

Add columns in the event list

You can also add columns and select the data points that you want to view in the event list. Do the following:

  • Click + to add columns for the data points that you want to view on the event list.

    localized image

  • In the Add Column window, select the data that you want to view and click then Add Columns.

    localized image