Full Text Searches

Full text searches may be performed on the data stored within the attached LCE servers. When viewing the events page, the Search field accepts text strings as valid search criteria. Search terms are not case sensitive, and a Boolean search may be used to further refine search results. This enables searching the raw logs for details contained in the events.

LCE can search for compound groups of full text tokens.


A token in this context is a full word, 2 letters or more, separated by punctuation or whitespace.

For example, if you want to search for logs containing "Microsoft", then Microsoft is the token.


Operators are case sensitive and must be capitalized. For example, a search for mike or miked is actually evaluated as mike AND or AND miked, because the lowercase or is treated as a token rather than as an operator. Multiple operators can be used in a single query.

| Operator | Description |
|---|---|
| AND | Finds logs containing both the directly preceding token and the directly following token. |
| OR | Finds logs containing the directly preceding token, the directly following token, or both. |
| NOT | Finds logs that do not include the subsequent token. |


Parentheses may be used to group conditionals together to show evaluation precedence just as in mathematics. This is useful in compound conditionals. Without grouping, the query text="blocked AND denied AND dropped OR firewall" would return any log with just “firewall” in it because it satisfies the entire query.

The following query would provide a more accurate result: text="blocked AND denied AND (dropped OR firewall)"

Because of the grouping, a log must contain blocked, denied, and either dropped or firewall in order to match.

Search Query Examples:

| Query String | What It Means | Example Result | Example Non-Result | Why It Didn't Match |
|---|---|---|---|---|
| | Show me logs with the term "Heartbeat" | LCE Client Heartbeat\| 07/23/2014 00:25:00 AM Hostname: lce_demo IP: Revision: LCE Client 4.2.0 build 20131004 | | does not contain the full term "Heartbeat" by itself, only as a substring |
| text="linux process" | Show me logs with the term "linux" and the term "process" | This linux host executed process "ls". | This linux host executed nothing. | missing "process" |
| text="linux NOT process" | Show me logs with the term "linux" but NOT the term "process" | This linux host executed nothing. | This linux host executed process "ls". | contains "process" |
| text="linux OR nothing" | Show me logs with either term "linux" or term "nothing" | This linux host executed process "ls". | This nix host did everything. | does not contain "linux" and does not contain "nothing" |
| | | This linux host executed nothing. | | |
| text="(linux OR nothing) AND process" | Show me logs that have terms "linux" and "process" or "nothing" and "process" | This linux host executed process "ls". | This process did everything. | contains "process" but not "linux" and not "nothing" |
| | | The process did nothing. | This linux host did nothing. | contains "linux" and "nothing" but not "process" |
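The matching rules described above can be checked against the example rows with a small evaluator. This is an added Python sketch, not LCE's own code; tokenize_log and matches are hypothetical names. It assumes a token is a run of two or more letters or digits, that adjacent terms are joined by an implicit AND, and that OR binds more loosely than AND, which is consistent with the firewall example.

```python
import re

def tokenize_log(line):
    # Tokens: runs of 2+ letters/digits split on punctuation/whitespace, lowercased
    # because search terms are not case sensitive. The character class is an assumption.
    return {t.lower() for t in re.findall(r"[A-Za-z0-9]{2,}", line)}

def matches(query, line):
    """Evaluate the text inside text="..." against one log line (well-formed queries only)."""
    words = re.findall(r"\(|\)|[A-Za-z0-9]+", query)
    tokens = tokenize_log(line)
    pos = 0

    def peek():
        return words[pos] if pos < len(words) else None

    def parse_or():          # lowest precedence (assumed from the firewall example)
        nonlocal pos
        result = parse_and()
        while peek() == "OR":
            pos += 1
            rhs = parse_and()
            result = result or rhs
        return result

    def parse_and():         # explicit AND, or implicit AND between adjacent terms
        nonlocal pos
        result = parse_term()
        while peek() not in (None, "OR", ")"):
            if peek() == "AND":
                pos += 1
            rhs = parse_term()
            result = result and rhs
        return result

    def parse_term():        # NOT, a parenthesised group, or a single token
        nonlocal pos
        word = words[pos]
        pos += 1
        if word == "NOT":
            return not parse_term()
        if word == "(":
            result = parse_or()
            pos += 1         # consume ")"
            return result
        return word.lower() in tokens   # lowercase "or"/"and" land here as plain tokens

    return parse_or()
```

Running a saved query through a check like this against a few known-good and known-bad log lines is a quick way to catch an ungrouped OR or a lowercase operator before relying on the search in an investigation.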

