Skip to main content

Searching For Events

The Retraced interface supports searching for events. While it's presented as a single, simple input field, the Retraced search interface supports complex structured queries.

By default, the search query you type in the search box will search all fields for this value.

If you use the advanced search syntax, you can perform very specific and exact searches to find the data you are looking for. The syntax for this is key:value. For example, to search for all events that have an action that starts with user. you could enter the following query: action:user.*

This table shows the supported advanced searches:

actionMatches events with the action equal to the value. This supports trailing wildcards.action:user.login
crudMatches events with crud type equal to any of the values.crud:c,u,d
receivedMatches events with the received field in the range. This accepts two comma-separated ISO 8601 datetimes. Either start or end may be omitted to search an unbounded time range.received:2017-05-01,2017-06-01
createdMatches events with the created field in the range.created:2017-05-01,2017-05-02
actor.nameMatches events performed by an actor whose name contains the
actor.idMatches events performed by the actor with the exact id
descriptionMatches events with a description containing the terms in the value.description:"elevated escalated"
locationMatches events performed in a geographic region equal to the value.location:"Los Angeles"