Query for stored records

The Records page enables you to build a complex filter to search for records.

1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
2. At the top of the page, click Records.
   If AI Search Assistant is not enabled, the New Record Query section is displayed. If AI Search Assistant is enabled, click Standard Search.
   
   
3. Select the time interval that you want to search.
   The time interval you select changes the time set in the global time selector.
4. From the Record Type drop-down menu, select one or more of the record types that your ExtraHop system is configured to collect and store.
5. From the Group By drop-down menu, select an option to specify how you want to group the results. The displayed options are associated with the record types you selected.
   For example, if you group HTTP records by client, the results table displays the clients found on the record transactions, listed by the number of times that client was found.
6. From the filter criteria drop-down menu (the default is IPv4 Address), select the first criteria you want the filter to match. The displayed options are associated with the record types you selected.
7. (Optional): Click the plus icon and select Add Filter or Add Filter Group to specify more criteria at the top or secondary level of the filter.
   A new filter group adds criteria to the result of the original filter. For example, if you search for HTTP transactions that were suspicious and contained files, you can add a filter group to narrow the results to records associated with a specified network locality.
   
   
8. Click View Records.
   Record results are displayed on the main Records page.
   
   

AI Search Assistant enables you to search for records with questions written in natural, everyday language to quickly build complex queries compared to building a standard search query with the same criteria.

Time Interval = Last 2 days and Record Type = [HTTP]
Suspicious = True and File Observed = True

1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
2. At the top of the page, click Records.
3. Write a prompt in the AI Search Assistant field and press ENTER.

   Tip:	Click the search prompt field to select a recent query or suggested search.

   The AI Search Assistant query filter is displayed.
   
   
4. (Optional): From the AI Search Assistant Query section, click the edit icon to refine your query filter criteria.
   
   1. In the top row, edit the time interval, Record Type or Group By options.
   2. Click the plus icon and select Add Filter or Add Filter Group to specify more criteria at the top or secondary level of the filter.
      A new filter group adds criteria to the result of the original filter. For example, if you search for HTTP records that were suspicious and contained files, you can add a filter group to narrow the results to records associated with a specified network locality.
   3. Click Done.
5. Click View Records.
   Record results are displayed on the main Records page. The display name of the AI Search Assistant filter is the prompt that you entered and is shown above the tri-field.