Configuring the global search

You can configure the global search by going to Management → Advanced Settings. The following settings are available:

Search query syntax

The siren:globalSearchQuerySyntax setting dictates the query rules that are used in the global search field. There are two options - simple_query_string (default) and query_string.

The simple_query_string setting uses a simple, lenient syntax to parse and split the provided query string into terms based on special operators. It does not trigger errors when there is a problem with the syntax.

The query_string setting returns documents based on a provided query string, using a parser with a strict syntax. If the syntax is incorrect, a bad request error is triggered. This setting uses the same syntax as in the dashboard search query bar.

For example, if the setting is set to simple_query_string, a search with the query as "Apple laptops (notice the " wrapper that was never closed) will work without any issues. However, if the same query is run with the setting as query_string, Elasticsearch will throw a parse exception.

Simple query syntax options

The setting siren:globalSearchSimpleQuerySyntaxOptions is applied only when the Search query syntax is set to simple_query_string. Additionally, the setting is applied only when your query doesn’t have any special operators. If there are special operators in the query, then this setting has no effect.

The default value for this setting is as follows:

{ "fuzziness": "AUTO", "suffixWildcard": true }

The accepted formats for fuzziness are AUTO:[low],[high] or the numbers 0, 1 or 2. For more information about the fuzziness setting, see the Elasticsearch documentation.

The suffixWildcard is a boolean setting that will automatically add an asterisk * at the end of the query. This is intended to allow users to type only the start of a query and let Siren Investigate pick all possible continuations.

For example, if the setting is set to { "fuzziness": "AUTO:5,8", "suffixWildcard": true } and if the query is Patch, the core query that is sent to Elasticsearch is as follows:

'simple_query_string': {
  'query': 'Patch~1 Patch*'
}

This means that Elasticsearch would look for all documents that have the word Patch and anything within one edit distance from the word, for example documents that have the word Pitch in them. Additionally, because of the Patch* part, Elasticsearch will also look for documents that have words starting with Patch, for example Patching or Patched.

Search timeout

The setting siren:globalSearchTimeout dictates the time period in seconds at which a global search query will time out.

Because the global search feature is designed to search through large quantities of data, this setting can be used to specify the maximum duration that you’d like to wait for the search to complete.

If a global search query is not complete by the end of the specified timeout period, the results that are accumulated up to that point are returned.

The default value for this setting is 30 seconds.

For information about all advanced settings, see Setting advanced options.

Modifying the max number of results

The advanced setting siren:globalSearchShowMoreDocsCount determines the number of documents that can be viewed in the global search results list. It specifies the maximum number of documents that can be fetched after the initial 10 results are shown by repeatedly clicking Show 10 more.

By default, this number is 90, which means up to 100 documents can be displayed in the global search results list. You can decrease this number to slightly improve the performance of search queries or increase it to view more results at a slight performance cost.

For information about modifying advanced settings, see Setting advanced options.

Entity table searchability

You can set the searchability of entity tables to allow or restrict their appearance in search results. For more information, see the Data Model documentation.

Ignore time zone

The advanced setting siren:globalSearchGlobalTimeIgnoreTimezone determines if your primary date filter ignores the time zone you are in and performs date queries in Coordinated Universal Time (UTC). When an absolute date is selected, it’s treated as UTC, and when a relative date is selected, it’s relative to the user’s current local time, ignoring the time zone they’re in.