Search Need

Syntax

Notes

Single Word

acme

Returns information containing the word acme. *Single words do not require quotation marks

Multiple words/phrases

“acme plant stands”

Returns information containing the words within quotations.

Trailing Wildcard

plan*

Returns information containing words such as plans, planning, plant, plants, planet, plank, planks, etc. NOTE: System does not support the use of leading wildcards

Proximity Search

“plan campaign”~10

Returns information containing the word plan and the word campaign within 10 words of each other

Boolean AND

policy AND fund

Returns information containing the word policy and the word fund

Boolean AND with multiple words

“fingers crossed” AND “all good”

Returns information contained within the first quotations and the second quotations

Boolean OR

policy OR fund

Returns information containing the word policy or fund

Boolean OR with multiple words

“fingers crossed” OR “help required”

Returns information contained within the first quotations or the second quotations

Boolean NOT

policy NOT fund

Returns information containing the word policy but does not contain the word fund

Boolean NOT with multiple words

“fingers crossed” NOT “web campaign”

Returns information contained within the first quotations but does not contain the words contained within the second quotations

Constraining results to specific user(s)

user_id:(WJF981Z7U OR U284721J OR WTZ08491T)

If you would like to constrain search results to specific users, you may use the Slack ID of multiple users contained within parenthesis combined with the OR command.

Constraining results to specific user(s) combined with search terms

user_id:(WJF981Z7U OR U284721J OR WTZ08491T) AND “web campaign”

Returns information containing the search terms “web campaign” for only those three users listed within the parenthesis

Metadata

Syntax

Sample

Notes

User name

user_name:name

user_name:”john doe”

Searches for mentions of the user in both originating messages and messages referencing the individual user.

*The search may not return the expected results if the profile is incomplete or there are ambiguous/partial matches

Email

user_email:”email”

user_email:”john.doe@client.com”

For best results, search using the full email address enclosed in quotes

User ID

user_id:”slack id”

user_id:WJF981Z7U

The id can be found on the Custodians tab under Manage Matter. This search returns messages originated by the listed user but may not contain messages where a user is mentioned.

Channel Name

channel:​”name” 

channel:general 

“” are optional

Channel ID

channelid:”slack id”

channelid:C2GH37T9U

The channel ID may be found on the Channels tab under Manage Matter

Team name

team:”name”

team:myco

Team is synonymous with Workspace name

Occurred date

occurred:>​DD-MMM-YYYY HH:MM:SS

occurred:<​DD-MMM-YYYY HH:MM:SS

occurred:>01-Sep-2020 12:00:00

Can also use “Refine by Date Range” operators

Edited or Deleted messages

msg_edited

msg_deleted

msg_edited

msg_deleted

Text

text:text

text:acme

Limits the search to only the content of messages (rather than across both messages and metadata fields)

File type

filetype:”​type”

filetype:pdf

Using file extension

Use filetype:* to find all attachments

File name

filename:​”name”

filename:summer.png

Using file name

Bookmarks

bookmarked:true

bookmarked:false

Limits search results to only those messages that have a current bookmark applied or those with no bookmark applied

Advanced Search Examples

‘(trail* OR 'walking path’) (campground OR campgrounds)'~10

(bikeride or cycle*) AND
('TOSRV' OR 'Tour Of The*' OR (instant registration*'~5))

Search for terms that are a specified number of words from each other

Has any Reaction?

document.reactions.name:”*”

document.reactions.name:”*”

Search for messages that have any reactions.

Specific Reaction

document.reactions.name:”reaction”

document.reactions.name:”pray”
document.reactions.name:”\+1”

Match whole reaction name

Wildcard Reaction

document.reactions.name:”*reaction*”

document.reactions.name:"face*"
document.reactions.name:"*hand*"

Match a reaction that starts with “face”
Match a reaction that contains “hand”

Reaction skin-tones

document.reactions.name:”reaction”

document.reactions.name:"*skin-tone*"

document.reactions.name:"wave::skin-tone-2"

Match a reaction that refers to any skin-tone

Match a specific reaction that refers to a specific skin-tone

Specific user Reacted

document.reactions.users:”slack id”

document.reactions.users_dict.user_name:”name”
document.reactions.users_dict.user_id:”slack id”

document.reactions.users:WJF981Z7U

document.reactions.users_dict.user_name:”john doe”
document.reactions.users_dict.user_id:”WJF981Z7U”

Match reactions made by a specific user id

Match reactions made by a specific user name
Match reactions made by a specific user id

Search/Metadata

Syntax

Sample

Notes

Limit search to specific username and single search term

user_name:name AND term

user_name:john doe AND vacation

Returns information specifically for the user and the search term after the word AND

Limit search to specific email address and single search term

user_email:”email” AND term

user_email:”john.doe@client.com” AND vacation

Returns information specifically for the user email address and the search term after the word AND. You must enclose the user email address in quotations.

Limit search to specific Slack User ID and multiple search terms

user_id:Slack User ID AND “

user_id:WJF981Z7U AND “short term contract”

Returns information specifically for the user’s Slack ID and the search term(s) contained within the quotations.

Search for terms that are a specified number of words from each other

‘('term' or term)’ ~x

Where “x” is the number of words apart

‘(trail* OR 'walking path’) (campground OR campgrounds)'~10

(bikeride or cycle*) AND
('TOSRV' OR 'Tour Of The*' OR (instant registration*'~5))

Returns results that are a specified number of words from each other

Metadata

Syntax

Sample

Notes

To 

to:”don draper@scdp.com*”

to:”don draper*”

to:”don draper@scdp.com*”

to:”don.draper@scdp.com*”

Input is not case sensitive.

Gmail “to” fields can be inconsistent in the way email addresses are presented and indexed. This is due to how Google handles senders and recipients who have never been emailed in the past or whether the user exists in the email address book.  A trailing wildcard is required. 

From

from:”don draper@scdp.com*”

from:”sally draper*”

from:”sally draper@scdp.com*”

from:”sally.draper@scdp.com*”

Input is not case sensitive.

Gmail “from” fields can be inconsistent in the way email addresses are presented and indexed. This is due to how Google handles senders and recipients who have never been emailed in the past or whether the user exists in the email address book. A trailing wildcard is required. 

CC

cc:”don draper@scdp.com*”

cc:”betty draper*”

cc:”betty draper@scdp.com*”

cc:”betty.draper@scdp.com*”

Input is not case sensitive.

Gmail “cc” fields can be inconsistent in the way email addresses are presented and indexed. This is due to how Google handles senders and recipients who have never been emailed in the past or whether the user exists in the email address book. A trailing wildcard is required. 

BCC

bcc:”don draper@scdp.com*”

bcc:”bobby draper*”

bcc:”bobby draper@scdp.com*”

bcc:”bobby.draper@scdp.com*”

Input is not case sensitive.

Gmail “bcc” fields can be inconsistent in the way email addresses are presented and indexed. This is due to how Google handles senders and recipients who have never been emailed in the past or whether the user exists in the email address book. A trailing wildcard is required. 

Subject

subject:”aspen team project”

subject:”aspen team project”

Input is not case sensitive.

Strongly recommend leading/trailing quotation marks (“). 

Matches mail with the exact title string “aspen team project”. Trailing wildcards may be used as well. 

Owner

owner:”don draper@scgp.com”

Owner:”don draper@scgp.com”

Input is not case sensitive.

Strongly recommend leading/trailing quotation marks (“). 

Matches mail with the exact email address. Trailing wildcards may be used as well.

System Labels

system_labels:unread

system_labels:unread

system_labels:inbox

system_labels:opened

system_labels:starred

system_labels:snoozed

system_labels:important

system_labels:sent

system_labels:scheduled

system_labels:drafts

system_labels:spam

system_labels:trash

system_labels:deleted

Input is not case sensitive.

Standard system labels as defined within Gmail. 

Searches can be OR’d together as needed.

Snippet

snippet:text

Snippet:”hey how are you”

Input is not case sensitive.

Matches mail where the first 100 characters of the email body contain the text. 

Strongly recommend leading/trailing quotation marks (“). 

Trailing wildcards may be used as well.

Text

text:”any string of text”

text:”when are the special payments arriving”

Input is not case sensitive.

Strongly recommend leading/trailing quotation marks (“). 

Trailing wildcards may be used as well.

user_email

account:”email”

account:”john.doe@acme.com”
account:”joh*”

Who the document was collected for (first custodian)

doc_viewer

viewers:”email”

viewers:”denis.smith*”

Files which are shared with denis.smith@acme.com - where Denis has Read-only access

doc_collaborator

collaborators:”email”

collaborators:"brad@acme.com"
collaborators:"brad*”

Files which are shared with brad@acme.com - where brad can edit the files

google_doc_type

google_doc_type:”Google Type”

google_doc_type:”Presentation”
or one of: DOCUMENT, SPREADSHEET, FORM, DRAWING, SITES_PAGE

Files created in GDrive using native Google tools have this document type attribute

google_doc_id

document_id:”Google ID”

document_id:”1HB*”
document_id:”1HB_vkdIsa9s8B9Qtg0r-_wL5FNnNKDxtUEGmdupsagc”

The document’s unique ID inside GDrive.

google_doc_title

title:”text”

title:”planning meeting notes”
title:"plan*"

title of the document.
If the file was uploaded to google this is the same as the name value (includes file extension).
If a Google native file, just the title of the document.

file_name

name:”text”

name:”plan*”
name:”planning meeting notes”
name:”planning meeting notes.docx”

name of the document.
If the file was uploaded to google this is the same as the title value

file_name_original

file_name_original:”text”

file_name_original:"04-01 Staffing Plan.ppt"
file_name_original:"Staffing Plan*"

the name of the file when it was first uploaded into GDrive (if it was not originally created in Google tools)

file_name_external

file_name_external:”text”

file_name_external:"Staffing Plan*"
file_name_external:"04-01 Staffing Plan_1RNprXgqok0vXDHKS1U_06Eel4vjNXFKU.ppt"

the file name in the associated Google Vault export

file_extension

file_extension:”text”

file_extension:”docx”
file_extension:”gz”

search for files by file extension.

file_extension_full

file_extension_full:”text”

file_extension_full:”docx”
file_extension_full:”tar.gz”

the full, multi-part file extension (or the same as file_extension when not multi-part)

mime_type

filetype:”text”

filetype:”image”
filetype:"plain"

search for files with a specified mime-type (e.g. any image or plain text)

file_size

size:number

size:>1000000000 AND size:<2000000000

Size in bytes.
find files bigger than 1GB but smaller than 2GB

file_path

path:”text”

path:”win*”
path:"wine/burgundy*

find files with “win” in any part of the file path, or in a specific folder

drive_name

drive_name:”text”

drive_name:”john.doe@acme.com - My Drive”
drive_name:"My Drive*"
drive_name:”Aspen Project”

“My Drive” names are prefixed with email address of their owner
Shared Drives have the names visible in Google .

drive_id

drive_id:”Google ID”

drive_id:”1Rxo93CilzNrwZd96N093qnIWi4-_tNwDN6o”
drive_id:”1Rx*”

Find files on the shared drive with the specified ID

md5hash_source

source_hash:”MD5#”

source_hash:62b25b6f4ddeda230a56b726e2399b64

MD5 hash of the file within GDrive (only available for documents created in GDrive with Google tools)

md5hash_export

document_hash:”MD5#”

document_hash:”f93bfe16aa2937477cd127d99a5f934f”
document_hash:”f93bfe1*”

MD5 hash of the file within the Google Vault export

google_author

author:”email”

author:"john.doe@acme.com"

author:”joh*”

For best results, search using the full email address enclosed in quotes.
Note that author is the Drive Name, for files on shared drives, and is the email address of the owner if on a My Drive.

google_Last_Modified_By

google_last_modified_by:”text”

google_last_modified_by:”john doe”
google_last_modified_by:”doe*”

Name of individual who last edited the file

google_Last_Modified_By_email

google_last_modified_by_email:”email”

google_last_modified_by_email:”john.doe@acme.com”
google_last_modified_by_email:”john.do*”

email of individual who last edited the file

is_shared

is_shared:boolean

is_shared:true
is_shared:false

Only applies to My Drive files - whether the file is shared with others (viewers/collaborators)
Always false for files on a shared drive.

google_version

google_version:number

google_version:>10
google_version:20

the document version in google

is_starred

is_starred:boolean

is_starred:true
is_starred:false

document is starred or not

is_deleted

is_deleted:boolean

is_deleted:true
is_deleted:false

if false, the file has not been deleted
if true it has been deleted but still in trash

is_deleted_explicitly

is_deleted_explicitly:boolean

is_deleted_explicitly:true
is_deleted_explicitly:false

if false, the file is either not deleted at all or is in the trash.
if true it has been deleted from trash