Using Local Search

The OSINT Suite allows performing local searches within the documents previously downloaded or imported into OSINT, i.e. those found under the Documents folder. It is important to note that local searches must be always performed after the text extraction process ends.

The local search in the OSINT Suite provides a rich query language through which the user can perform wildcard searches or boolean queries. A query can be broken up into terms and operators. There are two types of terms: single terms and phrases. A single term is a single word such as "house" or "car". A phrase is a group of words surrounded by double quotes such as "white house". Multiple terms can be combined together with boolean operators to form a more complex query.

Wildcard searches

The local search supports single and multiple character wildcard searches within single terms (not within phrase queries):

  • To perform a single character wildcard search use the "?" symbol. The single character wildcard search looks for terms that match that with the single character replaced. For example, to search for "text" or "test" you can use the search: te?t

  • To perform a multiple character wildcard search use the "*" symbol. Multiple character wildcard searches looks for 0 or more characters. For example, to search for test, tests or tester, you can use the search: test*. You can also use the wildcard searches in the middle of a term: te*t . Note that you cannot use a * or ? symbol as the first character of a search.

Boolean searches

Boolean operators allow terms to be combined through logic operators. These are the operators that our local search supports:

  • AND

  • +

  • OR

  • NOT or !

  • -

Note : boolean operators must be ALL CAPS. Some examples of using boolean searches:

  1. To search for documents that contain either "white house" or just "house" use one of the following queries (note: you can use double quotas for searching an exact phrase): 

    • "white house" house
    • "white house" OR house

  2. To search for documents that contain "white house" and "black house" use the query: 

    • “white house” AND “black house”

  3. The "+" or required operator requires that the term after the "+" symbol exist somewhere in the document. Thus, to search for documents that must contain "house" and may contain "white" use the query: 

    • +house white

  4. The NOT operator excludes documents that contain the term after NOT. This is equivalent to a difference using sets. The symbol ! can be used in place of the word NOT. To search for documents that contain "white house" but not "black house" use the query: 

    • "white house" NOT "black house"

Note: The NOT operator cannot be used with just one term. For example, the following search will return no results: 

  • NOT "white house"

5. The "-" or prohibit operator excludes documents that contain the term after the "-" symbol. To search for documents that contain "white house" but not "black house" use the query: 

    • "white house" -"black house"

Grouping

Our tool also supports using parentheses to group clauses to form sub queries. This can be very useful if you want to control the boolean logic for a query. To search for either "white" or "black" and "house" use the query: 

  • (white OR black) AND house

Created with Scroll EclipseHelp Exporter for Confluence.