FortiSIEM Keywords and Operators for Simple Searches

Keywords and Operators for Simple Searches

Both historical and real-time searches have a simple search option that searches for keywords in the raw ASCII text of event logs. You can use operators in your keyword searches to combine terms or create simple search filters.

Keyword Operators

Examples of Using Keyword Search Operators

Quotes and Backslash Characters in Search Terms

Keyword Operators

You can use the operators AND, OR, AND NOT between keywords. If you enter more than one keyword, then AND is assumed as the operator between them. You can also use parentheses () to change the precedence of the operators.

Examples of Using Keyword Search Operators

Search String          Results
TCP                    Finds all events with TCP in the event logs
TCP 80                 Finds all events with TCP and 80 in the event logs
TCP AND (80 OR 443)    Finds all events with TCP and either 80 or 443 in the event logs
TCP AND NOT 80         Finds all events with TCP but not 80

Quotes and Backslash Characters in Search Terms

If the search string contains quotation marks or backslash characters, you must escape them by prefixing each one with a backslash. For example, to search for [location]="United States" you would enter [location]=\"United States\" as your search string.
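As an added illustration, not FortiSIEM's own implementation (whose exact matching rules are not documented on this page), the Python below parses a simple-search string with the operators and escaping described above and runs it over a few constructed event lines. It assumes AND binds tighter than OR, that NOT applies to the term or parenthesised group that follows it, and that a term matches when it occurs as a case-sensitive substring of the raw event text.

```python
import re

# Constructed sample events, not from the page; matching assumed case-sensitive.
EVENTS = ['proto=TCP dport=80 action=permit', 'proto=TCP dport=443 action=permit',
          'proto=UDP dport=53 action=permit', 'proto=TCP [location]="United States"']

# A term is a run of non-blank, non-parenthesis characters; a backslash
# escapes the next character, so \" and \\ search for a literal " or \.
TOKEN_RE = re.compile(r'\(|\)|(?:\\.|[^\s()\\])+')
KEYWORDS = ('(', ')', 'OR', 'NOT')   # AND is implicit, so the keyword is dropped

def parse(query):
    """Recursive descent into a nested-tuple tree. Assumed precedence,
    tightest first: parentheses, NOT, AND (implicit between terms), OR."""
    toks = [(t, t) if t in KEYWORDS else ('TERM', re.sub(r'\\(.)', r'\1', t))
            for t in TOKEN_RE.findall(query) if t != 'AND'] + [('END', 'end of query')]
    peek = lambda: toks[0][0]
    def expr(close):                 # expr := conj (OR conj)* followed by `close`
        node = conj()
        while peek() == 'OR':
            toks.pop(0)
            node = ('OR', node, conj())
        kind, text = toks.pop(0)
        if kind != close:
            raise ValueError('unexpected ' + text)
        return node
    def conj():                      # conj := unary unary*   (adjacent = AND)
        node = unary()
        while peek() in ('NOT', 'TERM', '('):
            node = ('AND', node, unary())
        return node
    def unary():                     # unary := NOT unary | ( expr ) | TERM
        kind, text = toks.pop(0)
        if kind in ('NOT', 'TERM'):
            return ('NOT', unary()) if kind == 'NOT' else ('TERM', text)
        if kind == '(':
            return expr(')')
        raise ValueError('unexpected ' + text)
    return expr('END')

def matches(node, event):
    op, *args = node
    if op == 'TERM':
        return args[0] in event
    hits = [matches(a, event) for a in args]
    return {'NOT': not hits[0], 'AND': all(hits), 'OR': any(hits)}[op]

def search(query, events=EVENTS):
    tree = parse(query)
    return [e for e in events if matches(tree, e)]
```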
