WebsiteLinkedIn

Complex Epiphany Queries

Using the building blocks of the search query syntax, Epiphany can allow users to create complex queries to search for specific things.

Here is a list of advanced rules to follow when using the Epiphany's search functions:

More Than One Column and Value Pairing

More than one column and value combination can be used at once, so long as both columns reside within the same underlying index. If no logical operator is used between column and value pairings, it defaults to AND.

Information about the underlying indexes and keywords used by them can be found in the Search Keywords section.

Syntax

<column1>:<value1> <column2>:<value2>

In the syntax above, both of these conditions must exist: value1 must exist in column1 and value2 must exist in column2. Because no logical operator is used, the syntax defaults to AND. 

<column1>:<value1> <value1.2> | <column2>:<value2>

In the syntax above, either value1 and value1.2 must exist in column1, or value2 must exist in column2.

Examples

sources:windows_ad CVE:2022*

In the example above, windows_ad must exist in the sources column, and values beginning with 2022 must exist in the CVE column. All entries matching these conditions will list. 

sources:windows_ad crowdstrike | CVE:2022*

In the example above, either windows_ad and crowdstrike must exist in the sources column or values beginning with 2022 must exist in the CVE column. This would create a hybrid list showing all entries containing both windows_ad and crowdstrike as well as all CVEs beginning with 2022.

Searching for Strings That Include Spaces: Use Single Quotes Only

When searching for specific strings that include spaces, use single quotes around the string. Double quotes are not allowed.

Example

<column>:'<value in single quotes>'

  • Only single quotes are usable when looking for specific strings with spaces.

    • Double quotes are not allowed.

    • Example: (special characters)

      • <column>:'<value to place in quotes>'

Space usage in overall search structure:

  • Spaces are used to delimit logical operators and to determine the end of a column/value structure.

    • <value> <operator> <value>

    • <lastvalue> <next_column>

Space usage in values:

  • Spaces in strings are only allowed within single quotes and parenthesis.

    • Example:

      • <column>:(<value1> | <value2> | '<value3 is a string with spaces in quotes>')

PreviousQuery OperatorsNextSearch Keywords

Last updated