Configuring the global search
You can configure the global search by going to Management → Advanced Settings. The following settings are available:
Search query syntax
The siren:globalSearchQuerySyntax
setting dictates the query rules that are used in the global search field. There are two options - simple_query_string
(default) and query_string
.
The simple_query_string
setting uses a simple, lenient syntax to parse and split the provided query string into terms based on special operators. It does not trigger errors when there is a problem with the syntax.
The query_string
setting returns documents based on a provided query string, using a parser with a strict syntax. If the syntax is incorrect, a bad request error is triggered. This setting uses the same syntax as in the dashboard search query bar.
For example, if the setting is set to simple_query_string
, a search with the query as "Apple laptops
(notice the "
wrapper that was never closed) will work without any issues.
However, if the same query is run with the setting as query_string
, Elasticsearch will throw a parse exception.
Simple query syntax options
The setting siren:globalSearchSimpleQuerySyntaxOptions
is applied only when the Search query syntax is set to simple_query_string
. Additionally, the setting is applied only when your query doesn’t have any special operators. If there are special operators in the query, then this setting has no effect.
The default value for this setting is as follows:
{ "fuzziness": "AUTO", "suffixWildcard": true }
The accepted formats for fuzziness
are AUTO:[low],[high]
or the numbers 0, 1 or 2. For more information about the fuzziness
setting, see the Elasticsearch documentation.
The suffixWildcard
is a boolean setting that will automatically add an asterisk *
at the end of the query. This is intended to allow users to type only the start of a query and let Siren Investigate pick all possible continuations.
For example, if the setting is set to { "fuzziness": "AUTO:5,8", "suffixWildcard": true }
and if the query is Patch
, the core query that is sent to Elasticsearch is as follows:
'simple_query_string': {
'query': 'Patch~1 Patch*'
}
This means that Elasticsearch would look for all documents that have the word Patch
and anything within one edit distance from the word, for example documents that have the word Pitch
in them. Additionally, because of the Patch*
part, Elasticsearch will also look for documents that have words starting with Patch
, for example Patching
or Patched
.
Search timeout
The setting siren:globalSearchTimeout
dictates the time period in seconds at which a global search query will time out.
Because the global search feature is designed to search through large quantities of data, this setting can be used to specify the maximum duration that you’d like to wait for the search to complete.
If a global search query is not complete by the end of the specified timeout period, the results that are accumulated up to that point are returned.
The default value for this setting is 30 seconds.
For information about all advanced settings, see Setting advanced options. |
Modifying the max number of results
The advanced setting siren:globalSearchShowMoreDocsCount
determines the number of documents that can be viewed in the global search results list. It specifies the maximum number of documents that can be fetched after the initial 10 results are shown by repeatedly clicking Show 10 more.
By default, this number is 90, which means up to 100 documents can be displayed in the global search results list. You can decrease this number to slightly improve the performance of search queries or increase it to view more results at a slight performance cost.
For information about modifying advanced settings, see Setting advanced options. |
Entity table searchability
You can set the searchability of entity tables to allow or restrict their appearance in search results. For more information, see the Data Model documentation.
Ignore time zone
The advanced setting siren:globalSearchGlobalTimeIgnoreTimezone
determines if your primary date filter ignores the time zone you are in and performs date queries in Coordinated Universal Time (UTC). When an absolute date is selected, it’s treated as UTC, and when a relative date is selected, it’s relative to the user’s current local time, ignoring the time zone they’re in.