You can use the following search tokens to search for information about events on the Advanced Hunting tab:
query.namequery.name
Use a text value to search events by query name.
Example
Show event(s) that have a query name
query.name:BitLockerToGo Execution
query.typequery.type
Use a string value to help you find events by query type (SYSTEM, USER).
Show event(s) with this query type
query.type:SYSTEM
query.categoryquery.category
Use a string value to help you find events by query category.
Show event(s) with this query category:
query.category:Common Hunting
query.useridquery.userid
Use a text value to help you find the unique identifier associated with the user who created or owns the query.
Show event(s) with this query userid:
query.userid:user12345
query.usernamequery.username
Use a text value to help you find the user's name who created or owns the query.
Show event(s) with this query username:
query.username:jdoe
query.isfavoritequery.isfavorite
Use a boolean value to help you find whether a query has been marked as a favorite by the user.
Show event(s) with this query:
query.isfavorite:TRUE
