1. School Manager
  2. School Manager
  3. Reports

Using Advanced Search

Updated
Qoria Knowledge Team

This article is for IT Support.

You can use School Manager’s Advanced Search tool to investigate user connection activity. You can use Advanced Search to report on the sources of suspicious activity, check the effectiveness of filters, or find users violating school internet usage policies.

Each search will show subtotals of key criteria and a preview of your search results. Use the search results to refine your filter to get the needed data. Once satisfied with the results, you can download all the data or schedule the results to be emailed regularly.

The Advanced Search Interface

Go to Reports > Advanced Search to view the interface.

The Advanced Search interface has four sections:

  1. Search Actions
  2. Search Filters
  3. Subtotal Tiles
  4. Search Results

Advanced Search.png
Image 1: Advanced search functions and filters

A. Search Actions 

The Dashboard options and their functionalities are:

Icon Function Description

icon-load.png

icon-reload.png

icon-stop-search.png

 Load, Reload or Stop Search

Once you have specified your filters, select this to generate or reload the report.
Selecting the X icon, you can cancel the search while the report is loading.
icon-hide-search-filters.png Hide search filters

Hides or shows the filters.

Hiding filters display the report in an expanded format.
icon-dashboard-options.png Dashboard actions

A menu to:

  • Clear the cache and refresh the report
  • Schedule delivery of reports by email
  • Reset filters
  • Set the time zone you see in your reports
  • Download a CSV or PDF of your search results

    Info

    Only the first 500 rows of data will be downloaded here.  If the user needs the full data set downloaded, see Downloading Advanced Search Data.)

  • Schedule a CSV, PDF or PNG infographic to be emailed or saved. See Scheduling Advanced Search Reports in School Manager

B. Search Filters

Set a combination of criteria to search the history of your users’ connection activities.

Filter Format Description
Hour of Day Slider (24-hour format)

The hours you want to search for connection activity. Slide the start and end to select a limited number of hours of the day in a 24-hour format to the nearest hour.

For example, limit the results to school hours or limit results to the hours of a specific class time. Selecting 6 and 16 would search for traffic between 6 am and 4:59 pm on the From Dates you specify.
Username Dropdown list with Checkbox (Text)

The users you want to investigate. Start typing the unique letters in the user ID to filter the dropdown list. The list only displays users with data during the selected From Date, so you don’t search for connection data that is not present.

Check one or more usernames to filter the search to specific users.
Group Name Dropdown list with Checkbox
(Text)

The groups of users, such as students or year groups, you want to research. Start typing the name of the group to filter the dropdown list. The list only displays groups with data during the selected From Date, so you don’t search for connection data that is not present.

Check one or more group names to filter your results.
Blocked Yes or No (Checkbox)

The filter status of the connection attempt. Limits the results to how the connection attempt was filtered: 

  • Select Yes to display blocked connection attempts
  • Select No to display allowed connections
  • Show all results by checking both or leaving both  unchecked
Agent Dropdown list with Checkbox (Text)

The users’ version of Linewize Connect  (Chrome macOS or Windows). You can limit your results by the version of Connect installed on your users’ devices.

  • Select the dropdown list and check one or more versions of Linewize Connect. Only versions of Connect running during your specified date range will be available.
  • Leave this field blank to search for all versions of Connect.
Website Conditional search (Text) The domain associated with the connection attempt. Narrows down results by filtering one or more websites. Select a search function from the dropdown and enter a website. 
Website Path Conditional search
(Text)

The path is the text after a web address. May identify the page, path or web application. Narrow down your results by filtering one or more patterns in the website path. 

While you can select the path from the dropdown, we recommend using the conditional “Contains” or “Doesn’t Contain” to allow for other characters included in the website path as the user attempts to connect.
Destination Address Dropdown list with Checkbox (IPv4 or IPv6) 

The IP address the user was attempting to connect to.

Search for one or multiple destination addresses by selecting the checkbox. 

You can type part of the IP address to limit the list of IP addresses you can select from.
Destination Port Dropdown list with Checkbox (Number)

The port (if used) at the destination.

Search from one or multiple destination ports by checking the listed ports. You can also type a port number to limit the ports you can select from.

For example, ports 443 and 1194 may be commonly associated with encrypted traffic or a specific VPN. Or, you may notice port 3389, a common port for a remote desktop connection.
Source Address Dropdown list with Checkbox (IPv4 or IPv6) 

The address of the computer inside the School Manager monitored network. 

Search for one or multiple source addresses by selecting the checkbox. 

You can type part of the IP address to limit the list of IP addresses you can select from.
Policy Dropdown list with Checkbox (Text)

The Filtering Policy applied to the connection attempt.

Select one or multiple Content Filtering Rules

You can type part of the Policy name to limit the items you can select from in your list.
Bypass Code Conditional search (Text)

A text and numeric code from Classwize allows users to access content typically blocked by a Filtering Policy. Limits the connection results to those made using the bypass codes you specify.

You can narrow down results by filtering one or more Bypass Codes. Select a search function from the dropdown and enter a Bypass Code. (See Classwize documentation for more information.)
Theme Dropdown list with Checkbox(Text)

The name of the parent content filtering Theme used to group connection attempts.

You can narrow your results down by selecting one or multiple Themes. The search results will be filtered to match the Theme you specify.

You can type part of the Theme name to limit the list of Themes you can select from.
Category Dropdown list with Checkbox (Text)

The names of the content filtering Categories used within a Theme. Select a Category to organize content and allow for more granular filtering.

You can narrow your results to the connection attempts in the specified Categories.

You can type part of the name to limit the list of Category names you can select from.
Application Dropdown list with Checkbox
(Text)

The name of the website service, app, or application associated with the connection attempt.

Search from one or multiple Applications to separate allowed and suspicious activity. 

You can type part of the Application name to limit the list of Application names you can select from.

Application names can range from generalized, like “Education”, to specific, like “Khan Academy”.
Machine Name Conditional search
(Text)

The computer name on the network, such as the Windows Workgroup name. Blanks allowed. It may be used where a shared computer has multiple users, like a library or lab computer.

Search from one or multiple machine names. 

You can type part of the machine name to limit the list of names you can select from.
Search Phrase Conditional search (Text)

Important

You must have Inspection turned on to use the Search Phrase filter.

Type a word or phrase to see if a user has tried searching for the phrase.
Reporting Type

Dropdown list with Checkbox (Text)

Reporting type is used to identify the source of the connection reported.

If the field is empty, the connection was reported by your Linewize appliance.

If the field says “Extension”, this means the connection was reported by Connect app or extension.
Device Dropdown list (Do not change) Required. Leave the default Devices listed here. Changing the Device will remove all search data. The list of devices will show any associated child devices.
advanced-search-01.png Indicator Indicates the field options update with the search criteria. The contents in the dropdown or conditional search area only show the available data for the current search selections.
From Date Calendar (YYYY/MM/DD)

The days you want to search for connection activity. Double-click on a day to set a point in your date range. Single-click on the next date in the range.

We recommend starting with no more than 14 days to limit the number of records to a manageable amount. As you identify an activity, you can limit the date range to a single day to focus on the specific activity.

You are limited to a maximum of three months due to the volume of data that needs to be processed. Select a shorter date range if the Advanced Search displays an error message.

 

Search Conditions

Several filter fields allow a conditional search, especially in text fields.

Condition Advanced Search usage
Ends with

Returns only results that are an exact match to the end characters in the field.

Review the column in the Search results and match the last characters, including symbols like .ru or .kz
Is blank

Returns only result where no characters are expected in the field and a blank was recorded. A blank is different from zero and null.

Not recommended for the Advanced Search. 

Use the number zero in number fields instead of blank. Fields like Website path will contain a slash / not a blank.
Is null

Returns only results where no data was recorded in the field. 

For example, tablets connected to the network typically do not have a Machine Name so the field would be null. You may combine the null Machine Name with the IP in the Source Address to find tablet connection results.
Doesn’t contain

Excludes results with the pattern of characters anywhere in the field. 

Not case sensitive.
Doesn’t start with

Excludes results with the pattern of characters at the beginning of the field. 

Not case sensitive. The characters, including symbols like the slash /, at the front of the string, must match.
Is not blank

Returns any results that contain any character or null data marker.

Not recommended. All records will be returned. All fields contain a slash, a zero or a null marker instead of a blank.
Matches a user attribute

Deprecated.
Matches (advanced)

Deprecated.

Contact our Linewize Support for complex searches.
Is Returns only results that are an exact match to a string of characters, not case-sensitive.
Contains Returns any results that contain your specified string of characters (may include numbers and symbols).
Starts with

Returns only results that are an exact match to the first characters in the field. 

Review the column in the Search results and match leading characters like a slash /desktop.

 

Search Logic

The default search logic inside a single filter field is OR. The search logic between different fields is AND.

Example:

From Date (2021/12/06 - 2021/12/17) 

AND Username (is student1@exampleschool.edu OR is student2@exampleschool.edu) 

AND Policy (is Block Social Media OR is Block Gaming).

This would return connection attempts that either or both "student1" or "student2" made between 00:00 on 6th December 2021 and 23:59 17th December that were blocked because they violated content filtering rules prohibiting access to Social Media or Gaming.

 

C. Subtotal Tiles

Useful data is subtotalled in an overview above the Search Results table. Watch the subtotals change as you refine your search criteria.

  1. Unique Users - select the count to view a list of the unique Usernames appearing in this search
  2. Total Connection Results - a count of all the connection attempts matching this search
  3. Allowed Connections - a subtotal of the allowed connection attempts in this search
  4. Blocked Connections - a subtotal of blocked connection attempts in this search
  5. Tile actions - options to download or reset your results are displayed when you hover over the Search Results

Viewing Unique Users

Select the hyperlinked Unique Users subtotal to see a list of the User names associated with these search results. 

You can download this list of only the User names. Alternatively, you can close this window and download all columns using the Search Results table below the subtotals.

 

D. Search Results

The bottom tile displays a preview table of the Search Results. The preview data is limited to 500 rows to ensure your on-screen searches can be completed within a reasonable amount of time.

Displayed Fields

  • Date and Time
  • Username
  • Blocked
  • Website
  • Website Path
  • Upload (bytes)
  • Download (bytes)
  • Destination Address
  • Destination Port
  • Source Address
  • Policy 
  • Theme
  • Category
  • Application (type or name)
  • Agent
  • Machine Name

Organizing Columns

To organize the columns:

  1. Hover over a column heading
  2. Drag and drop the column to a different location.

Sorting Columns

To sort by date and time:

  1. Hover over the column heading you want to sort.
    • Select the down arrow icon to sort by descending order.
    • Select the up arrow icon to sort by ascending order.

Info

The report may take up to a minute to generate, depending on the number of results.

 

Resizing the Columns

To resize the columns:

  1. Hover over the edge of a column heading. The cursor will change to double-sided arrows.
  2. Drag the column to increase or decrease the column width.

 

Column Options

To view the column options:

  1. Hover over a column heading.
  2. Select the column options icon.

Expanding the Column Options icon provides options to:

  • Freeze: select this to anchor a table column to the left side of the chart. The frozen column remains visible on the left side during horizontal scrolling. Multiple columns can be frozen at any given time.
  • Copy values: select this to copy all of the column values.
  • Autosize all columns: select this to resize the width of each column to fit its column heading name or its longest data value, whichever is wider.
  • Reset all column widths: select this to resize each column to its default width.

Was this article helpful?
0 out of 1 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.