You can use special punctuation marks to refine your search.
Table 3: Operators that can be used in keyword queries
| Specify part of a word |
* |
serv* |
Include terms beginning with "serv". |
| Exclude specified content |
- |
-mail* |
Excludes content with values that match the exclusion. |
| Exclude specified content |
NOT
(case-sensitive) |
NOT mail* |
Excludes content with values that match the exclusion |
| Include specified content |
+ |
+mail* |
Includes content with values that match the inclusion. |
| Multiple keywords |
space |
mail user |
Returns content that includes either 'mail' or 'user'. |
| Multiple keywords |
OR
(case-sensitive) |
mail OR user |
Returns content that includes either 'mail' or 'user'. |
| Multiple keywords |
AND
(case-sensitive) |
mail AND user |
Returns content that includes both these keywords. |
| Exact phrase |
Quotation marks |
"Object hard deleted" |
Finds items that contain the exact phrase "Object hard deleted". |
|
|
Note: Asterisk matches zero or more non-space characters. |
Table 4: Query examples to search by date range
|
Search for the backup created on September 18, 2017 Eastern Time (UTC-5) in the Select backups to unpack dialog |
when:[2017-09-18T00:00:00-05 TO 2017-09-19T00:00:00-05] |
| All events after June 27 |
timestamp:[2017-06-27 TO *] |
| All events up to June 27 9:03:27 |
timestamp:[* TO 2017-06-28T09:03:27] |
| January 27-28 interval |
timestamp:[2017-01-27 TO 2017-01-28] |
| 53 second interval on January 27 9:13 UTC |
timestamp:[2017-01-27T09:13:00Z TO 2017-01-27T09:13:53Z] |
| The same time interval as previous but with time zone specified |
timestamp:[2017-01-27T12:13:00+03 TO 2017-01-27T12:13:53+03] |
| 1 – 3 weeks of 2017 year |
timestamp:[2017-W1 TO 2017-W3] |
|
First 50 days of 2017 year |
timestamp:[2017-001 TO 2017-050] |
You can refine your search for the report data by using search expressions. To perform a keyword search in a specified column, you need to use the internal name of the column instead of the column display name. For example, <internal column name>:<search term or expression>. For a list of internal column names and string examples, see the tables below.
Table 5: Unpacked Objects screen
| Name |
displayName |
An object by object name |
displayName:SamJones |
| Type |
objectType |
An object by object type |
objectType:user |
| Backup Date |
backupDate |
An object by the specified backup date/time |
backupDate:[2017-06-27] |
| Directory |
tenant |
An object by directory name |
tenant:demo365 |
| Principal Name |
userPrincipalName |
An object by principal name |
userPrincipalName:Sam.Jones@mycompany.com |
| Mail |
mail |
An object by mail address |
mail:Sam.Jones@mycompany.com |
| City |
city |
An object by city |
city:London |
| Department |
department |
An object by department |
department:Sales |
| Job Title |
jobTitle |
An object by job title |
jobTitle:manager |
| Description |
description |
An object using keywords in the object descriptions |
description:Sales |
| User Type |
userType |
An object by user type |
userType:new |
| Telephone Number |
telephoneNumber |
An object by telephone number |
telephoneNumber:44658 |
Table 6: Differences screen
| Name |
objectName |
Changes related to a specified object name |
objectName:SamThomas* |
| Change |
changeType |
Objects by change type |
changeType:"Object hard deleted" |
| Object Type |
objectType |
Objects by object type |
objectType:User |
| Attribute |
changedAttribute |
Changes related to a specific attribute |
changedAttribute:link |
| Difference |
oldValue |
Search by old attribute value (value before the change) |
oldValue:User1@mycompany.com |
| Difference |
newValue |
Search by new attribute value (value after the change) |
newValue:User1@gmail.com |
| Backup time |
backupDate |
Search by the specified backup date/time |
backupDate:[2017-06-27] |
Table 7: Events screen
| Time |
timestamp |
Specified timestamp |
timestamp:NormanThomas* |
| Description |
message |
Keywords in event descriptions |
message:"Object attributes were restored" |
| Object Name |
object.name |
Objects by an object name |
object.name:User |
| Task Name |
task.name |
Specified task |
task.name:"Restore objects" |
Table 8: Tasks screen
| Title |
name |
A task by task name |
name:"restore objects" |
| State |
status |
A task by task status |
status:completed |
| Type |
type |
A task by task type |
type:restore |
| Modified |
modified |
A task by the date when the task was modified |
modified:[2017-06-26] |
| Created |
created |
A task by the date when the task was created |
created:[2017-06-27] |
| Operation |
lastResultDescription |
Keywords in the operation description |
lastResultDescription:unpack* |
How does On Demand Recovery Handle Object Attributes?
