Documentation

This documentation describes the search operators that can be used for querying this search engine.

Search operators

In this section we describe supported operators.

Default operator

The default operator for every term is Should, when specifying multiple terms without a specific operator any term will be matched.

Example

• term1 term2 will search for results containing term1 OR term2.

Must

+ is used to enforce a term to be required

Example

• +term1 +term2 will search for results containing term1 AND term2

MustNot

- is used to filter out a term

Example

• +term1 -term2 will search for results containing term1 AND NOT term2

Terms

In this section we describe what a term is and how to use and group them.

Term definition

Terms are separated by a space. When looking for terms containing a space double quotes (") must be used.

Examples

• term is one term
• term1 term2 are two terms
• "term 1" is one term
• filename:test.mp3 is one term
• filename:"test file with space.mp3" is one term

Term grouping

Terms placed between () will be grouped together.

Examples

• +(exentions:sql extension:zip) -(filename:test filename:dev) will search for zip or sql extensions AND NOT filenames containing dev or test
• +(exentions:sql extension:zip) +size:>1024 +size:<2048 will search for zip or sql extensions AND size bigger than 1024 bytes and lower than 2048 bytes

Field operators

Match

: is used to match content in a field

Example

• filename:mkv matches the text mkv in the filename field
• filename:"filename with space" matches the text filename with space in the filename field

Ranges

:> and :< are used to do a range query on a date or numeric field.

Examples

• +infected:true +last-modified:>2023-01-01 will search for all infected files modified after the 1st of January 2023
• +infected:true +last-modified:>2023-01-01 +size:>100000 will search for all infected files modified after the 1st of January 2023 and bigger than 100000 bytes