1.2 Searching in Retain’s Archives

The Browse tab immediately grants access to the selected mailbox. Individual users will only see their own mailbox, while users with the administrator right to search all mailboxes will have the option to change mailboxes to another user.

Retain is an archiving solution not a message management system. All items are stored in the location Retain found them in the production system and cannot be moved.

To change to a different mailbox, select the ‘Change Mailbox’ button in archive toolbar. Once clicked, the ‘Select Mailbox’ dialog will open.

The Select Mailbox dialog asks for specific information. Select which mailbox you want to see by selecting its radio button and clicking OK.

When searching for a mailbox, the system of the mailbox must be selected as mailboxes from different systems may have the same user name or criteria. Select which mail system the desired user belongs to, specify any further criteria, or leave the criteria blank to display all possible mailboxes from that system.

(If Retain for Social Messaging is set to anonymous user, all Social Messaging data will be contained under the single user ‘?@?’, and separate user names and pertinent information is contained in the ‘from’ dialog. Otherwise, individual user accounts will be displayed.)

If the search results are extensive, the system will have a ‘Next’ or ‘Previous’ button at the bottom of the search results window, which displays the next set of results.

Refine search parameters to reach a manageable search result.

In Retain, you can only browse one mailbox at a time. To search multiple mailboxes simultaneously, use the search function.

After selecting a mailbox, click ‘Ok’ to load that mailbox into the viewer.

How the browse interface appears will depend on the email system being archived.

Retain’s Search feature designed to work much like a Google search, with anticipated auto-correct search terms. The Search tab allows searching across the entire Archive for administrators, while users can only search their own archives.

The Search tab allows for management of searches. This is accomplished by Saving searches for later use. These searches can then be shared with others, loaded later, removed when no longer desired, and trimmed to remove duplicate data.

The icons for these functions are on the left, next to the search field. In order: Load, Save, Share, Delete, and Collapse Duplicates. Collapse Duplicates removes all duplicate results in GroupWise mailboxes.

To begin a search, type the desired search term into the search query field, or load a saved search. The search results will be automatically populated on specified search terms after a sufficient pause in typing. The auto complete suggestion feature requires at least 3 characters to be specified and a pause of several seconds before it will begin to work.

Tokenized Search Phrase

The indexing engine follows Unicode Standard Annex #29. This standard uses many common characters such as ' " . : @ + - * / and , as phrase-ending or-beginning characters. These characters will cause the system to read any character separated terms as individually entered items when the search is performed. Individually entered terms are treated as OR searches. For example, this means that using the search term 10/20 will be processed as 10 OR 20. Substituting a space instead of the character will provide a logical 'AND' search. For example, searching for 10 20 will be processed as 10 AND 20 as the search term. For example, searching for an email address test@example.com.com will drop the @ even in an exact search with double quotes and with return test AND example.com.

Spaces between normal search terms are a delimiter between search terms:

The search algorithm follows these criteria:

Results from these different terms are weighted in the order listed above. This behavior can be overridden by locating the solarcloud.indexing.properties file and changing the property phraseSearch.singleWordMatch. Setting this property to '0' turns this off, while leaving it set at '1' activates this search behavior.

Result terms are also highlighted in the user interface to ease visual confirmation that the term exists in the message. However, terms in attachments are not highlighted.

The Advanced Search tab contains the ability to specify vast amounts of criteria and combine search terms to exclude and include various searchable items to retrieve specific information. This search works better, the more you know about what you are looking for, as it allows fine tuning of criteria.

Searches will be restricted to the mailboxes specified in the ‘Search Mailboxes’ window. By default, all mailboxes are set for searching. To limit the search to the mailbox or mailboxes specified, click on the Select button to open the ‘Select Mailboxes’ window. The ‘Select Mailboxes’ window functions exactly the same in advanced search as it does in the standard search.

The system will begin to display results as soon as either the search mailboxes have been specified, or new search criteria has been added. To add new criteria, select the Add button.

The Search Criteria contains the ability to specify where to search, operating criteria - (word ends with, word starts with, field contains words, field contains phrase), and the desired search terms. The list of search items and fields available to be specified in the drop-down list is shown. Each variable on the list is tied to appropriate search operators, (date range allows the specification of a date, Confidential tags have a true/false operator, etc.)

Search Field

Subject: search the message subject field.

Recipient: search the message recipient field.

Attachment name: search the names of the message attachments.

Category: search the item’s category field.

Date: this depends on the type of item. This can be a range. If it is a sent email or instant message, it is the sent date. If it is a received email, then the received date; an appointment, the appointment date.

Sent date: search the message sent date field. If the message is an email this can set by email sender and can be spoofed.

Received date: search the message received date field. If the message is an email, it is set by receiving email server and is very reliable.

Begin date: The earliest date to be searched for calendar items, appointments, tasks and so on.

End date: The latest date to be searched for calendar items, appointments, tasks and so on.

Tag: search tags set within Retain.

Litigation hold: search items that have litigation hold applied by Retain.

Confidential: search items that have confidentiality applied by Retain.

Item Type: search the item type, which may be Mail, Phone message, Appointment, Task, Note, Message, Phone call, and BB PIN.

Item Source: search the item source of Received, Sent, Personal, or Draft.

Sender (email): search sender by email address.

Sender (display): search sender by display name.

Sender Domain: search by the sender domain.

Recipient Domain: search by the recipient domain.

Mail server: search by the mail server of sender and recipient.

Messaging Domain: search by the messaging domain of sender and recipient.

Phone number: search by phone number, if the phone number field exists.

Location: search by location, if the location field exists.

Internet Header: search the term in the Internet header field

Message Content: search only the content (body and attachments)

Attachment size: search by attachment size in bytes.

Opened: search only messages that have been opened.

Read: search only messages that have been read.

Private: search only messages that have been marked private.

Operating Criteria

Each field can be restricted to:

Field Contains Phrase: An exact search of the phrase, the same as enclosing the phrase in quotes in simple search. Basically ANDing each word in the phrase. For example, search for “The quick brown fox” will return only items with the entire phrase ‘The quick brown fox’

Field Contains Words: will search for each word in the phrase. This will be ranked by closest match at the top. Basically ORing each word in the phrase. For example, search for “The quick brown fox” will return only items with the entire phrase ‘The OR quick OR brown OR fox’.

Field Does Not Contain Words: will exclude search results with the words.

Words Start With: will search for the word but with a wildcard at the end. For example, deter will be treated like deter* and return determine, determined, deterred, and so on.

Word Ends With: will search for the word but with a wildcard at the front. For example, “tion” will be treated like *tion and return action, playstation, function, and so on.

Cascading Options

In addition, the interface allows for no limit of search terms, additional terms can be added to the search criteria and connected to the previous search terms. Additional criteria may be logically connected with ‘and’, ‘or’, or ‘new group’. To add a new search term and criteria, select the ‘+’ directly to the right of the existing search criteria.

By default, when a new search term is added, it is automatically ‘AND-ed’ together with the previous search term. This allows you to be able to build complex search terms to fit known data.

When building complex search criteria, it is critical to know what you are looking for. For instance, if an insider trading tip was suspected, and the recipient was known as well as some details about the message and when it must have been sent by, the following search could be compiled:

In this search, any message sent which stated ‘merge’, or ‘merger’ in the subject, and contained a known company secret in the message body, or, discussed the name of an executive involved, would be displayed. In addition, the search would also grab any messages sent to the suspected contact before the merger date. Additional criteria which could be added includes the company’s stock listing or any further details pertaining to the proposed leak.

To begin the search, select the Save button at the bottom of the query window to perform the search. The active criteria is now listed in the left pane, and may be edited or removed. To add criteria, select the Edit button to add to or refine the search criteria.

The Exported Items tab shows the export jobs which are currently running, or have been run in the past, on the system. If an export job has completed, this tab will contain the file and provides a link for download of the completed export job.

Once complete, a notification email is sent, if a notification address was provided, and the PDF or PST .zip file is shown here.

Locate the desired export and select the disk icon to download the export file.

A notification also shows in your Notification Center found under "Welcome, [username]" at the top center of the Retain Mailbox web console.

The Tag Definitions tab allows the creation and removal of Tags, their automatic comment, and name. Tags are an informative note which can be attached to any data item in the search messages interface. There is no limit to how many tags any one item may have applied to it, and there is no limit to how many tags a user may create. In addition, tags are also a searchable item, making this one of the most versatile ways to add long-term identification for items in the data store.

Before the tag icon will appear on the in the search interface tool bar, there must be at least one tag defined. To define a tag, enter the tag name and initial comment if desired, then, if the user has permissions to do so, define whether the tag is personal or global. Once saved the tag is available for use.

Global tags are tags that any user with the rights to see global tags will be able to view and apply. Personal tags are limited to the user who created them. Only tags visible to users will be available to be searched for by that user.

Any tags created or subject to manipulation by the user logged-in will be displayed under this tab.

To apply a tag to a message or data item in the search messages interface, simply select the data item or items, and then click the ‘Add / Remove’ tag button in the tool bar.

The options section here is exactly like the section in the Administration | Users section. These settings here are specific to the currently logged in user. .