Tip: You can start by loading a predefined query into the Query Builder. In the Load Query (Optional) list, select a predefined query. Then, modify the query as desired.
Optional: Add a regex template to your query:
Note:Arctic Wolf® uses RE2 and Java regex engines. Support for Lucene regex expressions is not available.
In the Data Explorer section, click Regex Templates.
In the Search templates box, filter and search for a regex template, such as IP address, and then select the desired regex template.
Click Use in Query.
Tip: Click Copy Pattern to manually insert the regex pattern into a query.
In the Select a Field dialog, select the field for the regex template, and then do one of these actions:
Click Insert into current query to insert the regex template into your current query.
Click Start new query to copy the regex template and start a new query.
Note: This action removes any データエクスプローラ and operator fields you previously selected.