Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Search/Index
  3. Articles

Performing a Raw or Low-Level Search in GFI Archiver

Overview

The article shows how to perform a raw or low-level search in GFI Archiver

 

Diagnosis

This type of search provides the ability to perform more advanced searches, which may not be possible using the Advanced Search options. The low-level Boolean search cannot be used in the 'Advanced Search Options' screen. Perform this search using the Quick Search from How to Perform a search in GFI Archiver.

 

Solution

 

After navigating to the Archiver Console > Archive tab, use the Search box  to enter the search queries as shown below. 

Syntax:

raw: complex-term [operand complex-term]
operands: {__and, __or, __not) - NOTE: Two underscore characters '__' are used in front of the operands.
complex-term: [ ( ] boolean-term | field-term [ ) ]
boolean-term: [ ( ] simple-term [ ) ] [operand boolean-term]
field-term: { subject | sender | to | msgid | sentdated | recvdated | msgsizekb } __contains boolean-term
simple-term: [ mail-term | text-term | numeric-term ]
mail-term: mail(word)
text-term: { word | phrase }
phrase: [ " ] word [space word ...] [ " ]
word: { letter | digit | @ | wildcard } [...]
wildcard: * | ?
numeric-term: number ~~number
number: digit [...]

 

Notes

  • sentdated and recvdated are numeric searches and are specified in the number of days from 01-01-1970 and padded with zeros to 10 digits. For example, to search for items sent between the 1st of January 1990 to the 20th of November 2007, the following parameter would be used:
sentdated __contains(0000007305~~0000013837)
You can calculate the number of days between 01-01-1970 and the search date on timeanddate.com.
  • msgsizekb is a numeric search and is specified in KB and padded to 10 digits.  For example:
msgsizekb __contains(0000001025~~0001048576)

Parenthesis are recommended for proper grouping. mail-term is used to specify email addresses and message IDs. It is not possible to select a particular database for the search.  The search will be performed across all registered indexes.

The Advanced Search performs numeric searches more efficiently. When no field-term is specified the search is performed on the whole email (fields, body, and attachments). Low-level searches can also be saved as Search Folders. Low-level searches may produce incorrect results for indexes build by GFI MailArchiver 4 builds prior to 20070616.


Examples:

  • To search for emails containing the phrase "concept plan" or "master plan"
raw: "concept plan" __or "master plan"
  • To search for emails sent by 'sales@company.com'
raw: sender __contains(sales@company.com)
  • To search for emails sent by 'sales@company.com' or containing 'GFI' in the subject
raw: ( sender __contains mail(sales@company.com)) __or (subject __contains(GFI))
  • To search for emails received by 'sales@company.com' or 'info@company.com'
raw: to __contains mail(sales@company.com) __or mail(info@company.com)
  • To search for emails containing the phrase "master plan" and emails which are smaller than 1MB.
raw: ("master plan") __and (msgsizekb __contains 0000000001~~0000001025)


Testing

 

Using the boolean variables discussed above the search will return the results found in various archive stores. 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments