This section describes how to search for specific data types. What to read next Searching on IP Address RangesThis topic describes how to search on IP address ranges. Searching for Dotted TokensThis topic describes how to search for dotted tokens. Searching for Subfolders in PathsThis topic describes how to search for subfolders in paths. Searching for Substrings of Large TokensThis topic describes how to search for substrings of large tokens. Searching on Paths that include GUIDs, SIDs, and SubstringsPlatform Search provides special handling of certain high cardinality data in path fields. Searching on GUID in a Path FieldThis topic describes how to search on a GUID in a path field. Searching on SID in a Path FieldThis topic describes how to search on a SID in a path field. Searching for Substrings by Leveraging TokenizationThis topic describes tokenized search fields. Tokenization FAQsThis topic provides answers to frequently asked questions about tokenization. Searching cmdline Fields using WildcardsThe cmdline fields (process_cmdline, childproc_cmdline, parent_cmdline, and fileless_scriptload_cmdline) support wildcarding of single terms just like any other field. Command Lines and Avoiding the regex InterpreterThis topic describes how to avoid the regex interpreter in command lines. Searching Numeric Fields with Wildcards and Multiple ValuesSearching on numeric fields such as device_id is handled differently than fields with string values. This has to do with the way Lucene handles wildcards for numeric fields. Searching for File ExtensionsThis topic describes how to search for file extensions. Searching for Filemod ActionsThis topic describes searching for filemod actions. Bounded Range Searching on *_count FieldsFor the *_count fields, bounded searches only include already-terminated processes. Unbounded searches include all processes. Parent topic: Advanced Search Techniques
