Skip to content

Update filter combination logic in overview.md #314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
konstantin-melnikov-docs merged 6 commits into from
Feb 27, 2026
+14 −9
Merged

Update filter combination logic in overview.md #314

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3e4ee92
Update filter combination logic in overview.md
pavelshabanov2025 Feb 25, 2026
601f8bf
Update docs/auditor/10.8/admin/search/overview.md
pavelshabanov2025 Feb 25, 2026
3a6fcf4
Fix typos and improve clarity in overview.md
pavelshabanov2025 Feb 27, 2026
6fa9b35
Fix grammar and clarity in search overview documentation
pavelshabanov2025 Feb 27, 2026
918d206
Fix formatting and link typo in search overview
pavelshabanov2025 Feb 27, 2026
e1aca61
Fix internal link anchor in search overview documentation
konstantin-melnikov-docs Feb 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 14 additions & 9 deletions docs/auditor/10.8/admin/search/overview.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ This functionality is currently available for the following data sources:
Integration API
- Netwrix Auditor Self-Audit
- Netwrix Data Classification. See
[Sensitive Data Discovery ](/docs/auditor/10.8/admin/settings/sensitivedatadiscovery.md)for more information.
[Sensitive Data Discovery ](/docs/auditor/10.8/admin/settings/sensitivedatadiscovery.md) for more information.

Netwrix Auditor executes interactive search queries against data stored in the audit databases, that
is, on data collected in the last 180 days (default retention period). If you want to investigate
Expand All @@ -56,14 +56,14 @@ You can add any elements (a dashboard, report, alert, risk, etc.) to the Auditor
access them instantly. See the [Navigation](/docs/auditor/10.8/admin/navigation/overview.md) and
[Customize Home Screen](/docs/auditor/10.8/admin/navigation/customizehome.md) topics for additional information.

There you can use the UI controls to run the variety of search queries that will fecth you exactly
There you can use the UI controls to run a variety of search queries that will fetch you exactly
the data you need.

- To view all audit data stored in all Audit Databases by all monitoring plans, click **Search**
- To view all audit data stored in all Audit Databases by all monitoring plans, click the **Search**
button in the center.

Be aware that this type of search query may take time due to a large amount of data. Thus, it is
recommended that instead of retrieveing a massive data set, you pre-configure your search query
recommended that instead of retrieving a massive data set, you pre-configure your search query
using filters.

By default, Netwrix Auditor shows only the top 2,000 entries in the search results.
Expand All @@ -78,19 +78,24 @@ the data you need.

![search_filter](/images/auditor/10.8/admin/search/search_filter.webp)

- Regardless of the selected filtering mode, Netwrix Auditor combines conditions as follows:
- Filters of the same type with positive operators are combined using the OR logical operator.
- Filters of different types are combined using the AND logical operator.
- All filters with negative operators, regardless of type, are combined using the AND logical operator. Negative operators include: not equal to, does not contain, not in group.

- By default, search results are open in the same window, so the subsequent search results will
overwrite the previous search results. To view them in different windows, click Open in new
window.
- In addition, you can customize your view by selecting columns to display.

Use search results for your own needs: save, share, create search-based alerts, subscribe to
periodic delivery of search query results, etc. See Make Search Results Actionnable for more
periodic delivery of search query results, etc. See [Make Search Results Actionable](#make-search-results-actionable) for more
information.

![search_nofilter_1](/images/auditor/10.8/admin/search/search_nofilter_1.webp)

You can also use the **Search** window to examine details for the selected activity record, or watch
a video recording (for User Ativity data).
a video recording (for User Activity data).

### Examining Activity Record in Detail

Expand Down Expand Up @@ -140,12 +145,12 @@ To include or exclude data
Your exclusions and inclusions will automatically be added to the search filters, limiting the
amount of data shown in the results pane.

## Make Search Results Actionnable
## Make Search Results Actionable

You can export your search query results, save them as a custom report, subscribe to periodic
delivery of this search results, create a search-based alert.
delivery of these search results, create a search-based alert.

Navigate to Tools in the top right corner of the Search window and select the required action.
Navigate to **Tools** in the top right corner of the Search window and select the required action.

| Use... | To... |
| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
Expand Down
Loading