By default, searches in Investigate run against all indexed attributes and, for performance reasons, consider only the first 15 characters of the keyword. This limitation can be a problem when you need to match longer keywords or key phrases.
To address this, Investigate lets you run a targeted search against a single attribute. When you name the attribute to search, the 15-character limit does not apply, so you can look for longer keywords or phrases without a performance penalty.
How to use Targeted Searches
Use the following format to run a targeted search on a specific attribute:
<Attribute Name>:<keyword or key phrase>
The asterisk (*) wildcard is supported; it matches any number of characters.
Example 1:
Suppose you want to search for all records related to a specific email address. You can run the query like this:
user:[email protected]
In this example, "user" is the attribute name and "[email protected]" is the keyword.
By using targeted searches, you can quickly locate the records you need without the 15-character restriction.
Example 2:
message:*substring*
This query matches any Message value that contains "substring".
Example 3:
user:*example.*
This query matches [email protected], [email protected], [email protected], and any other user ID that contains "example.".
Here is a list of some of the attributes that can be used:
| Attribute Display Name | Usage in Search (case-sensitive) |
|---|---|
| User Agent | browser |
| Device | device |
| Message | message |
| Object Type | Object_type |
| Activity Type | Activity_type |
| Cloud Service Username | user |
| Cloudsoc User's Email | user_name |
| Severity | serverity |
| Host | host |
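The following is an added example, not code from Investigate or from the original page. It models the query semantics described above (the `<attribute>:<keyword>` format, the `*` wildcard, case-sensitive attribute names, and the 15-character limit of a default search) over a handful of constructed records that use attribute names from the table. Two details are assumptions rather than facts stated on the page: that a keyword with no `*` must match the whole attribute value (the page's examples wrap substrings in `*...*`, which suggests this), and that a default search matches its truncated keyword as a substring of any attribute value. The records, the `parse_query`/`targeted_search`/`default_search` helpers and the `users_of` convenience function are all hypothetical.

```python
import re
from typing import Dict, List, Tuple

# Default (untargeted) searches only consider this many leading characters of the keyword.
DEFAULT_KEYWORD_LIMIT = 15

# Constructed sample records. Attribute names come from the table above; values are made up.
RECORDS: List[Dict[str, str]] = [
    {"user": "alice@example.com", "message": "Login succeeded", "host": "app.example.com"},
    {"user": "bob@example.org", "message": "Shared file contains substring match", "host": "drive.example.org"},
    {"user": "carol@other.net", "message": "Upload blocked by policy", "host": "mail.other.net"},
    {"user": "dave@example.com", "message": "Password reset requested", "host": "sso.example.com"},
    {"user": "erin@example.net", "message": "Password reset denied", "host": "sso.example.net"},
]


def parse_query(query: str) -> Tuple[str, str]:
    """Split '<Attribute Name>:<keyword or key phrase>' at the first colon.

    Splitting at the first colon only lets the keyword itself contain colons
    (for example a URL with a port).
    """
    attr, sep, keyword = query.partition(":")
    if not sep or not attr or not keyword:
        raise ValueError(f"expected '<attribute>:<keyword>', got {query!r}")
    return attr, keyword


def wildcard_to_regex(keyword: str) -> "re.Pattern[str]":
    """Turn a keyword with '*' wildcards into an anchored regex.

    Every other character is escaped, so '.', '+' or '?' in the keyword
    (common in email addresses and URLs) are matched literally. '*' becomes
    '.*' (any number of characters). Anchoring means a keyword without '*'
    must match the whole attribute value (assumption, see the lead-in); that
    is why the page's examples wrap a substring in '*...*'.
    """
    parts = [re.escape(part) for part in keyword.split("*")]
    return re.compile("^" + ".*".join(parts) + "$")


def targeted_search(query: str, records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run '<attribute>:<keyword>' against one attribute with no length limit."""
    attr, keyword = parse_query(query)
    pattern = wildcard_to_regex(keyword)
    # Attribute names are case-sensitive (see the table), so no normalisation here:
    # 'Message:...' finds nothing while 'message:...' works.
    return [r for r in records if attr in r and pattern.match(r[attr])]


def default_search(keyword: str, records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Model the default search: all attributes, keyword cut to 15 characters.

    Assumption: the truncated keyword is matched as a substring of any value.
    The truncation is what makes two phrases that share their first 15
    characters ('Password reset requested' and 'Password reset denied')
    indistinguishable.
    """
    needle = keyword[:DEFAULT_KEYWORD_LIMIT]
    return [r for r in records if any(needle in value for value in r.values())]


def users_of(matches: List[Dict[str, str]]) -> List[str]:
    """Convenience: the 'user' attribute of each matching record, in order."""
    return [r["user"] for r in matches]


if __name__ == "__main__":
    for q in ("user:*example.*", "message:*substring*", "message:Password reset denied"):
        print(q, "->", users_of(targeted_search(q, RECORDS)))
    # The default search cannot tell 'denied' from 'requested': both share 'Password reset '.
    print("default 'Password reset denied' ->",
          users_of(default_search("Password reset denied", RECORDS)))
```

The last line of the demo is the practical point: a default search for "Password reset denied" also returns the "Password reset requested" record, because only "Password reset " (15 characters) is considered, whereas `message:Password reset denied` returns just the one record you asked for.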