New search options

This weeks update brings more search options. Until now you could search some fields, but not all. And the query language was functional but limited. That all changed.

First, you should have a look at the updated Data Model. It shows all types of data (indexes) that you can search and the fields that are available.

Searching should be easy and we don’t want you to learn yet another query language. So, instead you can use both Elastic Search (also known as Lucene) syntax and Splunk SPL syntax. The ShadowTracker query parser is quite forgiving and even allows mixing the two styles. And of course it’s backwards compatible with the old search style. Details and examples are on the Search and Queries page.

Major backend update: check your API scripts

This weekend a lot of tech debt was paid. That also meant some risky updates and changes to the backend. Although all was tested first, some bugs slipped through and on top of that we did a database rebuild.

All should be fine now and the GUI and API do not have big changes, but please double check your API scripts and report any trouble to us.

Happy new year!

All the best for 2022 :-) The last month of 2021 was a bit busy. Helping out with log4j trouble ate up quite some time.

There have been some few bug fixes and more are underway. The focus for the start of 2022 will be on improving overall quality and hunting bugs.