• All Files
Using GFI OneConnect  >  Archive  >  Reviewer Groups  >  Advanced Query Language

Advanced Query Language

The Advanced Query Language allows users to create a single query with multiple conditions.

How to use the Advanced Query Language

To access the Advance Query Language tab, login to GFI OneConnect with a user that is member of a reviewer groupArchive users who have the ability to search and read emails that are within the scope of a group of users. and under ArchiveA feature provided by GFI OneConnect that can archive all internal and external email into the GFI OneConnect Data Center. click Search company archives. In the Search page click Advance Query Language.

To start a search:

  1. Type the query in the format: field:term, where field is one of the elements of an email and term is the value you want to find. For example, mailsubject:”Quarterly Report”
  2. Add other conditions linking them with Boolean operators. For Example, (mailsubject:”Quarterly Report” AND mailfrom:bob@genericorp.com).
ClosedSearch For Range of Dates

To search for mail using a range of dates type a query in the format field:range(start, end) .

Elements Description
Field Field that indicates the element to be searched upon. Accepted fields are emaildate or receiveddate.
Range Defines the beginning and ending points of the search.
Start Indicates the beginning of the search. Date can be entered as date and time format like YYYY-MM-DDTHH:MM:SS. If time is omitted the system uses 00:00:00. Use min to indicate a search from the beginning of data stored.
End Indicates the ending of the search. Date can be entered as date and time format like YYYY-MM-DDTHH:MM:SS. If time is omitted the system uses 23:59:59. Use max to indicate a search till the end of data stored.

For example:

To find all messages sent between December 25, 2013 and August 1, 2015 (local time):

emaildate:range(2013-12-25T05:00:00, 2015-08-01T05:00:00)

To find messages sent before December 25, 2016 (local time):

emaildate:range(min, 2016-12-25T05:00:00)

To find messages received on or after August 2, 2016 (local time):

receiveddate:range(2016-08-02T05:00:00, max)

ClosedBoolean Operators

To combine search expressions using Boolean operators (AND, OR and NOT), use:

  • AND between terms, to indicate both terms must be matched.
  • OR between terms, to indicate either term may be matched, but at least one must match.
  • NOT as a prefix to a term, to find terms that do not match the specified criteria.

Use matched parenthesis ( ) to group terms.

For example:

To find messages that include either the phrase financial report or the phrase balance sheet and were sent before December 25, 2013 or after August 1, 2015, but not between those dates.

NOT (emaildate:range (2013-12-25T05:00:00, 2015-08-01T05:00:00)) AND (“financial report” OR “balance sheet”)

Closed Query Language Fields

The table below contains a detailed description of every field available together with some examples.

Field (Type)

Description

Example

altrecipients

(String)

 

Alternative recipients listed in the To field or Cc field of the envelope journal report.

altrecipients:
bob_anderson@
genericorp.com

attachedfiles

(String)
  • A filename (If filename contains spaces, enclose in quotes).
  • Filenames joined by Boolean expression (If filename contains spaces, enclose in quotes).
  • To match an ordered list of attachments use a semicolon separated list of all filenames, enclosed in quotes (No need to add extra quotes to filenames with spaces).
  • attachedfiles: picture.jpg
  • attachedfiles: picture.jpg or “second picture.jpg”
  • attachedfiles:
    “report.xls; report.doc; Quarterly Report.ppt”

content

(String)

The content of the message.

content:”Q4 results”

dlists

(String)

Distribution lists listed in the To field or Cc field of the envelope journal report.

dlists:
all_employees@
genericorp.com

emaildate

 

or

 

receiveddate

(Date)

emaildate: The date specified in the Sent Date field of the message header.

receiveddate: The date the message was received by the email server.

To search by date only, use the form YYYY-MM-DD.

To search by date and time, use the form YYYY-MM-DDThh:mm:ss.

T is a required constant that identifies the following characters as times.

Use 24-hour clock when specifying time.

Use min and/or max to specify earliest/latest dates.

Use < or > to specify dates before or after a certain date.

Note: By default, emaildate is stored as UTC (GMT) time. To search using your local time zone value, use the TIME value to manually compensate for the number of hours offset from UTC. For example: T05:00:00 is midnight in the US-Central time zone.
  • To find messages received between January 1, 2008, midnight (US-Central time zone) and January 3, 2009, midnight: receiveddate:range (2008‑01‑01T05:00:00, 2009‑01‑03T05:00:00)
  • To find messages sent after Aug. 21, 2012 use:
    emaildate:>2012-08-21
  • To find messages sent before Aug. 21, 2012, use:
    emaildate:<2012-08-21
  • To find messages received before Aug. 21, 2012, use:
    receivedate:<2012-08-21

envrecipients

(String)

The recipient information contained in the message envelope.

For non-journaled messages: This field can be used to search for Bcc recipients.

NOTE: Only email addresses found in retention policies can be found using this option. It will not find any email addresses that are external to your organization or not included in a retention policy.

envrecipients:
bob_anderson@
genericorp.com

envsender

(String)

The sender information contained in the message envelope.

envsender:bob_
anderson@
genericorp.com

filename

(String)

The file name of a document or message.

filename:report.xls

isattachment

(Integer)

An indicator of whether the document is an email attachment or a message.

To indicate that the document is an attachment, set isattachment:1.

To indicate that the document is not an attachment, set isattachment:0.

filename:report.xls and isattachment:1

mailbcc

(String)

Recipients listed in the Bcc field of the envelope journal report.

mailbcc:
bob_anderson@
genericorp.com

mailbccaltrecipient

(String)

Alternative recipients listed in the Bcc field of the envelope journal report.

mailbccaltrecipient:
bob_anderson@
genericorp.com

mailbccdlist

(String)

Distribution lists listed in the Bcc field of the envelope journal report.

mailbccdlist:
all_employees@
genericorp.com

mailcc

(String)

The recipients listed in the Cc field of the message header.

mailcc:bob@genericorp.com

mailccaltrecipient

(String)

Alternative recipients listed in the Cc field of the envelope journal report.

mailccaltrecipient:
bob_anderson@genericorp.com

mailccdlist

(String)

Distribution lists listed in the Cc field of the envelope journal report.

mailccdlist:
all_employees@genericorp.com

mailfrom

(String)

The sender listed in the From field of the message header.

mailfrom:bob@genericorp.com

mailsubject

(String)

The subject of the message.

If value contains spaces, enclose in double-quotes.

mailsubject:
”Quarterly Report”

mailto

(String)

The recipients listed in the To field of the message header.

mailto:
bob@genericorp.com

mailtoaltrecipient

(String)

Alternative recipients listed in the To field of the envelope journal report.

mailtoaltrecipient:
bob_anderson@
genericorp.com

mailtodlist

(String)

Distribution lists recipients listed in the To field of the envelope journal report.

mailtodlist:
all_employees@
genericorp.com

recipients

(String)

The recipients listed in one or more of the following:

  • The list of recipient information contained in the message envelope (see envrecipient field for details)
  • The To field of the message header.
  • The Cc field of the message header.
  • Distribution lists listed in the To field or Cc field of envelope journal report.
  • Alternative recipients listed in the To field or Cc field of envelope journal report.

(recipients:bob@
genericorp.com OR recipients:sue@
genericorp.com)

senders

(String)

The list of senders in the message envelope or the From field of the message header.

(senders:bob@
genericorp.com OR senders:sue@
genericorp.com)

undisclosedrecipient

(String)

Undisclosed recipients listed in one or more of the following:

  • The list of recipients in the Bcc field of the envelope journal report.
  • The list of distribution lists in the Bcc field of the envelope journal report.
  • The list of alternative recipients in the Bcc field of the envelope journal report.

undisclosedrecipients:
bob_anderson@
genericorp.com

Try now, for free

Related Topics

GFI OneConnect Help System v1.3
Copyright © GFI Software Ltd 2017
Free Trial