Our search capabilities give you the ability to quickly find events matching certain criteria.
You'll notice the Search field above the Events list. This is where you'll enter your search query. (Tip - Search for incidents on the Incidents tab and assets on the Assets tab in a similar way.)
Start typing and we'll show you the event properties you can search like actor process, asset hostname, profile name, etc. Select the one you're interested in.
Now enter the value you want to match, and click Search. That's it! Your matches will appear in your events list.
Note that date range for searching events should be less than or equal to 365 Days. That date range can be any year to any year, but difference between total number of days should be less than or equal to 365 days.
See also: How to search | Group by options
Tip - Use your queries to create dashboard widgets on the Dashboards tab.
Using our search action menu options, you can view the frequently-used QQL queries, save, and manage them with ease. You can create widgets from frequently used queries for easy reference in future. Looking for the different actions on the search queries, see Search Actions.