Skip to main content
Skip table of contents

Basic Queries

Syntax for a basic query includes the following elements:

Metadata FieldclassificationName
Standard Open Quotation Mark"
Standard End Quotation Mark"

Type a query using the following basic syntax:



  1. To run a query for all activity that falls under the Malware classification:
  2. To run a query for the impacted user account jon.smith:

Lucene search is case sensitive for the metadata field value. Therefore, when entering the metadata field value, you must use the correct capitalization. If your metadata field value does not exactly match the capitalization, the LogRhythm Web Console widgets return No data available error messages.

For example, when searching on the metadata field classificationName:

Metadata Field Value EnteredSearch Result
classificationNameFiltered data
ClassificationnameNo data
classificationnameNo data
ClassificationNameNo data

In contrast, Lucene search is not case sensitive the term value.

For example, when searching on the term Malware:

Term Value EnteredSearch Result
MalwareFiltered data
malwareFiltered data
MalWareFiltered data
malWareFiltered data

For more detailed information on metadata fields and correct capitalization, see the Metadata Fields section.

To escape a special character that is part of the query syntax, use a backslash before the character. Special characters that require this treatment are: + - && || ! ( ) { } [ ] ^ " ~ * ? : \


  1. To run a query for an origin user whose name is jon*:
  2. To run a query for an origin user whose name is jon.smith-miller:
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.