# Search Operator

The `search` operator allows you to search `for` data across multiple tables and/or columns. However, it is less efficient when compared to the `where` operator. Despite its inefficiency, the search operator is useful when you are unsure of which table or column to filter for granular search.

## **Examples**

### Searching Across Multiple Tables

The below query will search for the word "error" within the **SecurityEvent** , **SecurityDetection** , and **SecurityAlert** tables for the last 7 days.

<figure><img src="https://537410186-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FH9oYbVb7VAsDxBfUpLeo%2Fuploads%2FrM7BJtgxA62EnWC1eD0L%2F%7B5073FBC9-4F1B-4690-854B-5E41D63440BE%7D.png?alt=media&#x26;token=47428d67-73b2-4c9e-b8c5-190899f9de21" alt=""><figcaption></figcaption></figure>

<figure><img src="https://537410186-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FH9oYbVb7VAsDxBfUpLeo%2Fuploads%2FjHYwWcGUeyhmUTpBSzfJ%2Fimage.png?alt=media&#x26;token=386aba9c-8733-4552-af30-86150fe001bc" alt=""><figcaption></figcaption></figure>

### Searching Across All the Logs

The query below will search for "threat" across all tables. This could be used to search across all tables for malicious activities. Click the drop-down from any of the entries to see more details.

<figure><img src="https://537410186-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FH9oYbVb7VAsDxBfUpLeo%2Fuploads%2FbkOP3XoDuhC4Swlf36VC%2F%7B7B0C4B64-A84C-496A-A01C-7B498CD89EE1%7D.png?alt=media&#x26;token=3a917a28-c39d-4c5f-83a4-d7f13156fde6" alt=""><figcaption></figcaption></figure>

<figure><img src="https://537410186-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FH9oYbVb7VAsDxBfUpLeo%2Fuploads%2FTgn5sITQGy9QArghwM5e%2F%7B8DBEC972-18C9-41B0-ACCA-EE93BBD9A0EF%7D.png?alt=media&#x26;token=4bf4a1ff-8e9b-4184-b329-116bb6483ba9" alt=""><figcaption></figcaption></figure>

### Searching for a Specific Item From a Particular Table

The below query will search for every event relating to the address "13.89.179.10" in the **AzureNetworkAnalyticsIPDetails\_CL** table.

```session-shell
AzureNetworkAnalyticsIPDetails_CL
| search "13.89.179.10"
```

<figure><img src="https://537410186-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FH9oYbVb7VAsDxBfUpLeo%2Fuploads%2FACKiTu3vmHRLQKF2BUw6%2F%7BE01DB341-A4B6-474D-9BFF-474A8D445E2E%7D.png?alt=media&#x26;token=4aea8254-8d39-4976-9fd0-3c387201be96" alt=""><figcaption></figcaption></figure>

**Note:** CL means Custom Log; it implies any imported table. It also differentiates the built-in tables from the custom tables because most logs have the same table names.

<p align="center"><img src="https://537410186-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FH9oYbVb7VAsDxBfUpLeo%2Fuploads%2FgJTzUrfkxIqsCx4j4oiC%2F%7B28F7A316-DAF8-4810-B917-39FB983ABBBD%7D.png?alt=media&#x26;token=03ff900d-18b1-4325-949b-39d434454a5c" alt=""><br></p>