Product Documentation

About self-service search

Self-service search enables you to find and filter user events based on your requirements and preferences.

Self-service search is available for the following data sets:

You can access the self-service search using the following options:

  • Top bar: Click Search on the top bar to directly access the search page.

  • Risk timeline on user profile page: Click Event Search to access the search page and view the events corresponding to a specific user’s risk indicator and the data source.

From the top bar:

  1. Click Search to view the self-service page.

    localized image

  2. Select the data set to view the corresponding search page and the events.

    localized image

From risk timeline on user profile page:

When you select a risk indicator from the user’s timeline, the risk indicator information section is displayed in the right pane. Click Event Search to view the self-service search page.

localized image

The search page displays the events and timeline details corresponding to the user’s risk indicator and the data source.

For more information on risk timeline, see Risk timeline.

Use the following features on the self-service search page:

localized image

Use facets to filter events

Facets are the summary of data points based on the data set. Use the facets to search and filter the user events. For more information on the facets corresponding to data sets, see the following topics:

Use search query in the search box to filter events

When you place your cursor in the search box, the search box gives you a list of search suggestions based on the selected data set. Use the search suggestions to specify your search criteria and drill down to your data.

For example, in self-service search for access, when you place the cursor in the search box, you get the list of search suggestions related to the access events. Specify your query by using the search suggestions, select the time period, and then click Search.

localized image

You can also use the following operators in your search queries.

Operator Use Search syntax example Output
: Assign a value to the search query User-Name : John Displays events for the user John
= Assign a value to the search query User-Name = John Displays events for the user John
~ Search similar terms User-Name ~ test Displays events having similar user names
”” Enclose values separated by spaces User-Name = “John Smith” Displays events for the user John Smith
<, > Search for relational value Data Volume > 100 Displays events where data volume is greater than 100 GB
AND Search events where both conditions are true User-Name : John AND Data Volume > 100 Displays events of user John where data volume is greater than 100 GB

For more information on how to specify your search query for the data set, see the following topics:

Select time to view event

Select a preset time or specify a custom time range to view the events and time line details. Click Search to view the events for the selected time period. By default, the selected time period is the last one hour.

localized image

View the timeline details

The timeline details give a graphical representation of the access events for the selected time period. Move either of the selector bars to select the time period and view the events corresponding to the selected time period.

The figure shows timeline details for access data.

localized image

For example, you want to view the events that have occurred from 09:25 IST to 09:55 IST. Use the selector bars to select the time period. After you have selected the time period, the events corresponding to the selected time period is displayed.

localized image

View the event

You can view the detailed information about the user’s event. Click a user to get insight into the user’s data.

The figure shows the user’s details for access data.

localized image

Add columns in the event list

You can also add columns and select the data points that you want to view in the event list.

For example, if you want to add columns in the event list for the access data set, do the following:

  1. Click + to add columns for the data points that you want to view on the event list.

    localized image

  2. In the Add Column window, select the data that you want to view and click then Add Columns.

    localized image

Export the events to a CSV file

You can also export the searched events to a CSV file and save for future use. Click Export to CSV format to export and download the CSV file that is generated.

localized image

About self-service search