Search Server performs the following functions:

These functions are described in more detail below.

Indexing is a process through which the textual data on DeviceLock Enterprise Server becomes searchable and retrievable.

Search Server starts the indexing process automatically as soon as you specify DeviceLock Enterprise Server(s). The indexing process can result in either the creation or update of the full-text index. There is only one full-text index per Search Server, making management more efficient. The full-text index stores information about significant words and their location. During index creation or update, Search Server discards noise words (such as prepositions, articles, and so on) that do not help the search.

Search Server indexes all text data from the following sources: Audit Log, Shadow Log, Deleted Shadow Data Log, Server Log, Monitoring Log, and Policy Log.

The indexing process happens in two stages. In the first stage, Search Server extracts significant words from shadow copies and log records and saves them to temporary indexes for each specified DeviceLock Enterprise Server. For each temporary index, Search Server processes 1,000 records from each log. In the second stage, when either the number of temporary indexes becomes equal to 50 or 10 minutes pass, all temporary indexes are combined into a permanent master index that is used for search queries. The process of combining temporary indexes into a master index is called merging.

The creation of the master index is a time-intensive process. Indexing speed can vary considerably depending on the type of data being indexed and the hardware being used. Generally, indexing speed is between 30 and 120 MB/minute. Consider the following example:

After the DeviceLock Enterprise Server data has been indexed, you can run full-text queries. These queries can search for one or more specific words or phrases. When a search query is executed, Search Server processes the query and retrieves a list of results from the index that matches the criteria of the query. Filtering can be applied to the search to narrow the result set returned. For example, the results can be filtered by log or date. Querying the full-text index is extremely fast and flexible. A search operation takes only seconds to locate and return matches for particular search criteria. For detailed information about the search results page and search results, see Working with search results.