Advanced Search Feature
The Goldfynch Advanced Search feature is a powerful tool that makes use of logical operators like 'AND,' 'OR,' and 'NOT' to group together multiple search queries ("conditions") and produce refined search results. It gives you the to ability quickly search through the contents and metadata of files of numerous file formats. These complex queries can be saved for future reference and even shared with collaborators.
You can perform an advanced search from both the upper search bar or by clicking into the 'Advanced Search' view.
Using the 'Advanced Search' view
To access the Advanced Search view, click on the Advanced Search button from the left menu.
When you perform a search from the 'Advanced Search' view, you do so by building a search query using conditions, and linking the conditions together in groups using the query operators: "AND," "OR," and "NOT."
Each condition consists of:
- The parameter that you are searching by (e.g. by the "subject" line of emails, or the "type" of files)
- The corresponding value that you are looking for (e.g. the subject line "Revisions," or the file type "PDF".)
- Some conditions have connectors (e.g. "pages < 15"))
Groups determine the ways your conditions combine, and this will determine what your search query will look for as it searches through your files.
To build a search query, drag conditions and the query operators AND, OR, and NOT, which are found on the far right of the screen, into the query builder space to build your query. You can also:
- Click on the pencil icon of a condition to choose its parameter and add values to it
- Delete a group or condition by clicking on the trashcan icon
- Delete a group while keeping the conditions it contains intact by clicking on the indentation icon
- Drag around placed groups and conditions to relocate them
Starting with the basics
A basic search can be performed using just a single Condition without using any other logical connectors.
1. Creating a new search
To search for a word or term:
Step 1. Click the 'Advanced Search' view in the left pane
Step 2. Click on the
Create New Search button to create a new search query. Notice that there is a warning message in the default condition present in the query builder area. This is because we don't have a completed condition yet.
Step 3. Click on the 'edit' icon (the pencil) against the 'Body CONTAINS' text. Alternatively, you can click anywhere in the condition box.
Step 4. Select the parameter, select the operator and then type a term to search for in the 'value' field
Step 5. Click the
search execute button to run the query. In the example below, a query is run to find the word 'insurance'.
2. Save Searches
GoldFynch allows you to name and save your search queries. Saving searches allows you to:
- Reproduce results: Useful for quickly searching document sets
- Edit searches: if you create a complex search with different terms, you can save a base version and load it up again for quick editing
- Share searches with shared users: All saved search queries are available across the case for all shared users.
- Create review sets: A saved search can be used to create a review set where a group of files can be reviewed by you and your collaborators
- Create a case report: You can easily generate a case report using a saved search
Here's how to save searches:
After creating your search, click on the red text under the search bar and give it a name
Click on the
save as...buttons to save the search
To load searches:
Click on the
openbutton to see a list of saved searches that you can choose from
Click on a saved search to load it. Note that your current search will be discarded
Note: Saved searches can also be loaded in the 'Search' view. Click here to learn more about using saved searches in the 'Search' view
To delete saved searches:
Load the saved search you wish to delete
Click on the
Confirm the deletion in the overlay that appears
3. Undo and Redo
If you have made a change to your search query that you want to undo, you can use the
undo button. Similarly, to revert to a change that you'd made before using undo, you can use the
Undo and Redo can save you a lot of time while building and editing complex queries
Searching against other parameters
To search against a particular parameter:
Click on the edit icon (the pencil) against the "body CONTAINS" text
Click on "body" to open a drop-down list that will contain the different search parameters you can search against (by default this is "body")
Based on the type of parameter, you will need to provide a value to search against by entering text, selecting a date, or picking an item from the drop-down menu.
Here is an example using the 'tags' parameter:
- Select 'tags' from the 'type' drop-down list
- The value field (on the right) will automatically populate with all available tags, out of which you will need to select one
- Start typing the name of the tag in the value field to filter the tags OR click on the name of the tag in the drop-down
When the tag is selected, the query string is now created and the warning message disappears. In the image below we create a search query for files with the tag 'Documentation'. The tag query in the preview will be
"tags = Documentation"
search execute buttonto run the query
Making complex queries
You can also create compound searches with multiple search parameters by adding new conditions, connecting them with operators, and sorting them into groups:
Creating a new condition
- Drag the
Conditionbutton found on the right side of the screen and drop it inside the query builder area
- Click on the
pencilto edit the new condition
Note: To edit any condition you can either click on the pencil or click anywhere in the condition box
Creating a new group
- Drag any of the Logical Operator buttons found on the right side of the screen and drop it inside the query in the query builder area
- To add conditions to the new group drag the
Conditionbutton and drop it in the body of the new group that you have created.
- Add a group around a condition: Drag and drop the logical operator to the condition that you want to group
Rearrange groups and conditions: Groups and conditions can be rearranged simply by dragging and dropping them to the place where you want them to be (NOTE: GoldFynch is built to prevent redundant or illogical group and condition movements. The group or condition can be moved only if the destination is a valid place for it)
Raise a group's level: Click on the indent button to replace a condition's parent group with the condition itself (NOTE: if this is used on a condition that is part of a group with multiple conditions, it will replace the entire group, and thus all of the other conditions the group contains. Use the 'undo' feature if this happens unintentionally)
- Changing the operator: You can toggle between the "AND" and "OR" logical operator simply by clicking on it in the query builder area
Taking the earlier example of creating a new condition and building off of it, we can make a complex query like the one below:
1 - From the simple query "body CONTAINS Categorization" (Condition 1), a new condition (Condition 2) of "type = docx" was created by dragging and dropping the condition button into the query builder area (the parameter 'type' with a value of 'docx' was selected)
2 - A new group (Group 2) was created by dragging and dropping the "OR" logical operator around the "type = docx". Another condition was added to the new group by dragging and dropping the
Condition button into the new group. The parameter 'tags' and the value 'Documentation' were selected for this condition.
NOTE: Group 1 is not mentioned in the query preview or referred to in the example. It is the container group that is present for every query and represents the query as a whole.
- Selecting the AND operator: All conditions imposed by conditions linked with the AND operator need to be fulfilled by a file for it to appear as a search result
- Selecting the OR operator: If any of the conditions imposed by conditions linked with the OR operator are fulfilled by a file, it will appear as a search result
- Using the NOT operator (written in the query preview as NOT): Files outside of the conditions imposed by a condition with the NOT operator are added to the search results
Using the 'tags' parameter, in the following example, we create a compound tag query for all items in the case that have tags 'Documentation', are word documents (by setting the 'type' parameter to 'docx') and the number of pages is greater than 5.
Choosing NOT as the logical operator allows you to search for items that do not have the entered tag attached to them. In the example below, when the search is executed, all items that do not have the tag "Confidential-Attorneys Eyes Only" attached them will be returned in the search results. This is particularly useful when you want to search only through documents that do not contain tags for documents marked "confidential" or "privileged".
Using complex operators
The advanced search lets you include multiple values against a single parameter without having to create a new condition for each one. This is done through complex operators, and in effect works just like a group of conditions connected with "OR" and "AND" operators.
For example, if you would like the search to retrieve all documents that have any one of the following tags Documentation, From Zips or Important. You can do so with a single condition using the "IS ANY OF" operator rather than framing three conditions for each tag type that will be connected with the "OR" operator.
Constructing a condition using the 'IS ANY OF' complex operator
Using the example given above, the steps for constructing the condition are:
- Select 'tags' from the parameter drop-down list
- Select 'IS ANY OF' from the operator drop-down list
- Click on the
+Add Valuebutton and then select the tag type, repeat this till all the values have been included
- Execute the search
In the case of searching for entered text (like finding the words in the content of files), the
+Add Value box will give you a text box to enter the word(s) into. This is much faster than having to make multiple conditions, setting them to the "body" parameter, entering the values into each condition's value box, and combining them with the "OR" operator*
For example, if you would like the search to retrieve all files that contain any one of the following values 'email data', 'open file' or 'create case'. Instead of constructing three conditions for each value and then connecting then with the "OR" operator, you can do this with a single condition using the "CONTAINS ANY OF" operator.
Constructing a condition using the 'CONTAINS-ANY-OF' complex operator
The steps for constructing a search using the 'CONTAINS-ANY-OF' operator is very similar to the 'IS-ANY-OF', the only difference being that there are two ways you can enter the multiple values to be searched against.
Method 1 - Using the
+Add Value button
Click on the '+Add Value' button and enter the value, repeat this till all the values are entered.
Method 2 - Using the
Bulk Edit Values button
Click on the
Bulk Edit Valuesbutton
Enter all the values into the Bulk Edit screen overlay. The values should either separated by a comma or in a new-line.
Note: The values do not need to be enclosed in quotes while entering them in the Bulk edit overlay
Click on the Save button in the bulk edit screen overlay.
The following are the list of complex operators that can be found in the advanced search function:
- 'CONTAINS ANY OF'
- 'CONTAINS NONE OF'
- 'DOES-NOT CONTAIN ANY OF'
- 'IS ANY OF'
- 'IS NONE OF'
- 'IS ALL OF'
- 'IS NOT ALL OF'
Note: The complex operators with the 'Contains' keyword will be applicable for the parameters 'body' and 'subject'. Those with the 'IS' keyword will be applicable for all other parameters excluding 'child-count', 'attachment-depth' and all the date-based parameters.
Using the slop search function
Adding a slop value to a phrase search using the 'body', 'subject' or 'name' parameters increases the flexibility of the search: GoldFynch finds documents that contain all the words in your phrase query, and then check how many times a word will need to be moved to get an exact match with the queried phrase. If the distance is less than or equal to the slop value, those documents are then included in the results of the search.
To use the slop function:
- Select the 'body', 'subject' or 'name' parameter in the 'Advanced Search' view
- Enter the phrase you wish to perform the search for in the 'value' field
- Enter the slop value you wish to search with, in the box on the right of the 'value' field
- Click the
search execute buttonto run the query
At a slop value of 0, words will need to match your search query exactly. There are no exact matches in this case:
Searching with a slop value of 1, in this case, produces 1 result, with the queried phrase's words separated by 1 word:
Raising the slop value to 3 sets a broader search range:
Advanced searches via the search bar
Performing an advanced search directly from the search bar can make searching for files much faster than using the Advanced Search view. Here, you need to type out the query into the search bar at the top of the screen. The queries will be identical to the queries generated from the 'query preview' section of the Advanced Search view.
Performing an advanced search from the search bar
- Begin typing in the search bar at the top of the screen
- Select the 'Advanced Search' tab in the drop-down menu that appears under the search bar
- Continue typing your query in the search bar till it is complete
- Hit the
returnkey to perform the search
As you type out your search query, GoldFynch tracks whether your query up till that point is valid, and provides you with the available options to complete the query.
The information contained by the Advanced Search tab can be broken into:
1. Error information
- Parse error: The first line provides you with the location of the first invalid section of your entered query (in the above example, "column 1" denotes the 1st character in the query)
- Text entered: The second line displays the text you've entered so far into the search bar
^symbol is displayed below your search query to point out the character mentioned by the parse error. In the example below, the query is valid till "body.date " but the symbol
-is invalid, and needs to be changed to a valid symbol.
2. Expected text
- As you begin typing your query based on the parameter you've chosen, GoldFynch will give you a list of the valid characters, parameters or operators that you can use
- The parameters are the same as the ones described in the 'Advanced Search' view section at the beginning of this post
- The logical operators AND, OR, and NOT, can be used to join multiple search parameters together
- Parenthesis ( ) can be used to group search terms together
3. Things to keep in mind while performing advanced searches from the search bar
- Some of the valid operators that can be used are 'CONTAINS', 'DOES NOT CONTAIN', 'IS', 'IS NOT','EXISTS', 'DOES NOT EXIST' and the numerical operators(=,<,>,etc.)
- The operators 'CONTAINS' and 'IS' can be combined with the phrases 'ANY OF' or 'ALL OF' to perform the function of retrieving results equivalent to using multiple 'OR' and multiple 'AND' conditions respectively
- The operator to be used after the parameters 'body', 'subject' and 'name' is 'CONTAINS'
- The numerical operators are to be used after the parameters 'attachment depth', 'child-count' and any date related parameter
- All other parameters use the operators 'IS'
- A slop value can be assigned to a 'body' or 'subject' section of a search query by adding "\~X" immediately after the phrase's quotation marks (where X is the slop value)
- Until the word is fully typed out, the parse error message will refer to the erroneous word's first character. For example, as in the image below, when you type "body CONTAINS advocate" and stop typing after "body CONTAIN" it will display the error at "C":
- Only after the "S" in "CONTAINS" is entered will it look at the next section, which would be the " " (space) following the CONTAINS operator. The parse error then points to the " " (space) after the CONTAINS operator
- Finally, typing in the value or string to be searched against, will make the query valid and allow you to perform the search. Note that even the first character typed at this point will fulfill the requirement - don't forget to complete your word!
Search Parameters List
- name: Restricts the search to the names of files. The full word will need to be present (e.g. searching for "discovery" will not produce results with "ediscovery")
- body: Restricts the search to the body of the document. In the case of emails that are replies or forwards, this will include all quoted content from earlier emails in the email thread
- type: Restricts the search to the file type of files
- hash: Restricts the search to the hash value (file fingerprint) of files, i.e. the calculated md5 hash value. The md5 hash value is used to detect exact duplicates in GoldFynch
pstate: Restricts the search to one of the 7 processing states of the files:
- Queued: For files that have been uploaded to the server but not yet processed and are in line to be processed
- Processing: For files that are currently processing
- Processed: Files that have successfully processed
- Errored: Files that were unable to be processed
- Awaiting Password: Files that are password protected. Learn how to create a password list
- Zero Byte: Zero-byte files can be retrieved using this option. Learn more about zero-byte files
- Unsupported: For files that are not supported by GoldFynch. Click to view the list of files supported by GoldFynch
Custodian: The custodian of a file. This is assigned by the user during upload
- Source: The source of a file. This is assigned by the user during upload
- name.ext: Restricts the search to the file extension of documents. Note that the "." before the extension should be left out (e.g. "name.ext = txt" not "name.ext = .txt")
- name.term: Searches for the exact full name of a file (e.g. name.term = agreements/drafts/draft_v0.9.pdf)
- name.dirs: Restricts the search to a particular directory (e.g. name.dirs = agreements) To search a subfolder, enter its full path (e.g. name.dirs = agreements/drafts) Note that when a parent directory is searched for, files in sub-folders are included as well
- directory: Functions similarly to the 'name.dirs' parameter, but when used in the 'Advanced Search' view it provides a 'Browse' overlay to help you select a folder
- tags: Restricts the search to the tags and codings that the case contains
- body.date: Restricts the search to all dates found in the body of documents
- date: Restricts the search to primary dates of files relative to an entered date (compared using the symbols =, >, <, >=, <=)
- Note that unlike the
Suggestionstab of the search bar, Advanced Searches require the date format "YYYY-DD-MM"
- Note that unlike the
- ingestion-date: Similar to the 'date' parameter, this restricts the search to the ingestion date of files relative to an entered date
- attachment-depth: Checks the 'depth' of an attachment file or a file extracted from one. So a child of a child file (e.g. a text document that is extracted from a zip file, which is itself an attachment to an email) would have an attachment-depth = 2
- family-role: Searches for files that are of a specific role in a file family's hierarchy (i.e. whether it's a container file, a file with attachments, an attachment, etc.)
- child-count: Searches for files with a child-count relative to the value entered
- pages: Looks for files with a specific number of pages
- redacted: Searches for files with or without redactions based on the value selected. Note: This field can be set to either True or False. When set to True only files that have redactions will be retrieved. When set to False files that have no redactions will be retrieved
- redactions: Retrieves files in which redactions exist or do not exist based on the value selected
- privileged: Based on the value selected retrieves files either with privilege tags or files without privilege tags. Note: Similar to the redacted parameter this also can be set to either True or False. When set to True only files that have privilege tags will be retrieved. When set to False only files without privilege tags will be retrieved
- privileged-category: Restricts the search to the various privileged categories that the case contains
- production: Restricts the search to files relative to the selected production
- review-set: Restricts the search to files associated with the selected review-set
- reviewed: Searches for files that have been reviewed or not based on the value selected. Note: This field can be set to either True or False.
- reviewed-by: Restricts the search to files reviewed by a particular user the case has been shared with
- reviewed-in: Searches for files that have been reviewed within a particular review-set
- in-review-set: Based on the value selected this parameter retrieves files that are either part of any review-set or those that are not in any review-set. This can be set to either True or False
- size: Restricts the search to files that have a file size that is relative to the value entered. Note: The file size needs to be specified in Bytes for the search. 1KB is equal to 1000 bytes and 1MB is equal to 1,000,000 bytes.
system-tags: Searches for files relative to the system tags have been selected.
- Corrupted file - rendered in extract mode: During automatic processing on upload, when GoldFynch encounters a corrupted Microsoft Excel file it cannot process and render, it attempts to open it using Excel's 'repair' mode. If it cannot, it attempts to directly extract cell text content. When this occurs, this system tag is added to the file to notify the user that a corruption exists, and any rendered information was obtained by extracting data
- Corrupted file - rendered in repair mode: This tag is automatically added to a Microsoft Excel file when it has a corruption and cannot regularly processed, and its information has to be obtained using Excel's 'repair' mode
- DUPE: When you run the deduplication process this system tag is added to all files designated as 'dupes'
- Rendered with repaired image: Sometimes EMF/WMF formatted images of Microsoft Word documents fail to print or "save to PDF" even when they can be opened and viewed without issue. GoldFynch can still process these files, but this tag is added to such files as a warning to users that some of the images may appear slightly different in our rendering (normally just some color or background color differences) and that the native file may not be printable/exportable if opened with Microsoft Word
- Unrenderable hidden worksheet: GoldFynch attempts to force-unhide and render any hidden worksheets. But sometimes a hidden worksheet can be password protected so that it can't be unhidden. In that situation, GoldFynch adds this tag
- Unusable as provided: sometimes eDiscovery software improperly detects file types, or treat binary files as plain text files, resulting in document productions containing very long and essentially useless document renderings of nonsense text (e.g., a CAD drawing in STEP format may be treated as a plain txt file, and provided as thousands of TIFF images of the raw STEP file text.) In some situations GoldFynch can detect these types of files in incoming document productions, and it adds this tag indicate the provided rendering is likely not very useful, and a native may need to be requested
- UUEncoded attachment: UUEncoding is an old (and now quite rare) method of attaching files to emails by placing the attachment in a plain text format directly in the message body. Opening the native email in a program like Outlook will not show the attachment file and instead just show the (sometimes very long) message body with the encoded attachment data. GoldFynch, however, detects these attachments and extracts them as separate files, adding this tag to notify users
Email-specific metadata parameters
- subject: Restricts the search to the subject line of each email in the case
- sent-date: Restricts the search to the sent date of each email in the case
- received-date: Restricts the search to the received date of each email in the case
- to.address: Restricts the search to the 'to' field of the email
- from.address: Restricts the search to the 'from' field of the email
- cc.address: Restricts the search to the 'cc' (carbon copy) email addresses
- bcc.address: Restricts the search to the 'bcc' field of the email
- recipient.address: Restricts searches to the 'to', 'cc' and 'bcc' fields at the same time, without needing to construct and link each parameter in the query with an 'OR' operator
- participant.address: Restricts searches to the 'to', 'cc', 'bcc' and 'from' fields at the same time, without needing to construct and link each parameter in the query with an 'OR' operator (it functions identically to recipient.address but also includes the 'from' parameter)
- fromOriginal.address: Retrieves emails where the email address entered is the original sender of an email chain especially in the case of a forwarded email
- savedBy.address: Retrieves emails that were saved or exported by the email address entered
- sender.address: Retrieves emails that have been sent on behalf of someone. GoldFynch only indexes this field when the sender header has a value that is different from the 'From' address
- (field).address.domain: Restricts the search to the 'domain' component of the email (e.g. the query "from.address.domain is gmail.com" would display emails sent from addresses like "email@example.com") The valid domain fields are 'from', 'to', 'cc', 'bcc', 'recipient', 'participant', 'FromOriginal', 'savedBy', and 'sender'.
- (field).addressNorm: Retrieves the normalized email address. The normalized email address is one where the aliases or modifiers have been removed. This covers text following a "+" symbol and in the case of gmail addresses it will remove instances of the "." character (e.g. firstname.lastname@example.org will be read as email@example.com and firstname.lastname@example.org will become email@example.com). All email fields like 'to', 'from', etc. can be searched with their normalized versions.
- (field).x500: Restricts the search to the Exchange x500 address of an email address, entered as a string value. All email fields like 'to', 'from', etc. can be searched with as x500 address versions. Note: GoldFynch stores LegacyExchangeDN values in the x500 address fields. Find out more about x500 addresses here.
- (field).name: Restricts the search to the 'name' component of the email address (e.g. the query "to.name is john doe" would display all emails to John Doe irrespective of whether it is JohnDoe@gmail.com or firstname.lastname@example.org). The valid name fields are 'from', 'to', 'cc', 'bcc', 'recipient', 'participant', 'fromOriginal', 'savedBy', and 'sender'.
Correct usage for email metadata parameters - full email address
Wrong usage for email metadata parameters - incomplete email (.com is missing)
Wrong usage for email metadata parameters - incomplete email (no name before @)