Creating Search Queries

QUICK TIP: Try asking yourself, "What am I looking for?" and spell out your query in filters or exclusions.
For example: I'm looking for all modifications (What) Ian Rush (Who) made during the last 24 hours (When). Or I'm looking for changes made by members of the Domain Admins group (Who) except for a trustworthy administrator called James Good (exclude Who).

To search for audit data:

Note: The procedure below applies to the Active Directory source. Running search may vary slightly for other sources.

  1. On the home page, select a source.
  2. Select Search.
  3. Customize your search—create a search query tailored to look for the information you are specifically interested in. Make sure to use full names as filters are designed to search for exact entries (e.g.,\ian.rush instead of ian.rush). To retrieve all activity, keep the search filters blank.

    • On the Filter tab, specify parameters to narrow down your search results (for example, specify a user name in the Who filter to narrow down your search to activity of a specific user).

      ClosedMore about filters

    • On the Exclusions tab, specify entities you do not care about at the moment and do not want to show up in this search query (for example, a trustworthy administrators group).

    • On the Grouping tab, update your grouping preferences if you want to bundle change records based on a certain rule (for example, by user or by action type).

    You can run search without filters or exclusions to get all change records for your source.

    ClosedShow me example

  4. Select Search. Cygna Auditor will run your query and list all records found based on parameters you specified. For more information on how to view search results, refer to Reading Search Results.
QUICK TIP: Do you like your search query? Save it as a custom report and run it any time you like. Click the Save as report button in the upper right corner of your search results. Click Export to download the results as a pdf or xml document.