Search & Analysis
Search and analyze audit events across all your monitored databases from a single unified interface.
Overview
The Search page is the central place to find, inspect, and analyze audit events across every database monitored by DB Audit. Use it to investigate incidents, verify compliance, or simply understand what's happening across your data infrastructure.
Results are returned in real time from indexed storage. You can combine free-text search with faceted sidebar filters, quick time-range presets, and operation shortcuts to drill down to exactly the events you need.
Search Bar & Quick Filters
Writing Search Queries
The search bar at the top of the page accepts free-form text that is matched against SQL statements. You can enter:
- Plain text — matches any event whose statement contains the text, e.g. users
- Operation names — SELECT, INSERT, DROP TABLE
- Compound queries — combine terms with OR, e.g. INSERT OR UPDATE
- Special syntax — use success:false to find failed queries
Quick Filter Buttons
Below the search bar, quick filter buttons let you apply common presets with a single click.
Sidebar Filters
The left sidebar provides faceted filters that refine your results. Each filter category shows the number of matching events. Filters combine with AND logic — selecting a database and an operation shows only events that match both.
By Database
Filter events to one or more monitored databases. Each database shows its event count.
By Operation
Filter by SQL operation type. Operations are color-coded for quick identification.
By User
Narrow results to specific database users or service accounts.
By Table
Filter by the table or object accessed in each event.
By Compliance Standard
Show events relevant to a specific compliance framework.
By Data Classification
Filter events that touch data with a particular sensitivity classification.
Dynamic Counts
Filter counts update dynamically as you apply other filters, so you always know exactly how many matching events remain in each category.
Search Results
Results appear as a list of event cards. A summary line at the top shows the total number of matching events and how long the query took.
Each result card displays:
Event Detail Modal
Click any result card to open a detail modal with the full event information. This is where you can inspect the complete SQL statement and all associated metadata.
| Field | Description |
|---|---|
| Statement | The full SQL statement that was executed |
| Normalized Statement | The SQL statement with literal values replaced by placeholders for pattern matching |
| Operation | The SQL operation type (SELECT, INSERT, UPDATE, DELETE, CREATE, etc.) |
| Success / Error | Whether the query succeeded, plus the error message if it failed |
| Database | The name of the database where the query ran |
| User | The database user who executed the query |
| Timestamp | When the query was executed (full date and time) |
| Duration | How long the query took to execute (in milliseconds) |
| Rows Affected | Number of rows returned or modified by the query |
| Client Host | The IP address of the client that issued the query |
| Table / Object | The table or database object accessed by the query |
| Classifications | Data classification tags applied to the accessed data (PII, PHI, Financial, etc.) |
Exporting Results
Click the Export button at the top of the results list to download the current filtered results as a JSON file. The export includes all events matching your current search and filter criteria.
Filename Format
Exported files are named with the pattern audit-events-YYYY-MM-DDTHH-MM-SS.json, using the timestamp of when the export was generated.
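An exported file can be triaged offline. The script below is an added example, not DB Audit code: it groups failed events by user and client host and ranks the groups that touched classified data first. The top-level JSON array and the key names (user, client_host, success, classifications, normalized_statement) are assumptions modelled on the Event Detail fields, so adjust them to match a real export.

```python
import json
from collections import defaultdict

# Constructed sample export. The top-level array and the key names are
# assumptions modelled on the Event Detail fields, not a documented schema.
SAMPLE_EXPORT = json.dumps([
    {"user": "app_svc", "client_host": "10.0.0.5", "success": True,
     "classifications": [],
     "normalized_statement": "SELECT * FROM orders WHERE id = ?"},
    {"user": "app_svc", "client_host": "10.0.0.5", "success": False,
     "classifications": [],
     "normalized_statement": "UPDATE orders SET state = ? WHERE id = ?"},
    {"user": "app_svc", "client_host": "10.0.0.5", "success": False,
     "classifications": [],
     "normalized_statement": "UPDATE orders SET state = ? WHERE id = ?"},
    {"user": "jdoe", "client_host": "10.0.0.77", "success": False,
     "classifications": ["PII"],
     "normalized_statement": "SELECT * FROM users WHERE email = ?"},
    {"user": "jdoe", "client_host": "10.0.0.77", "success": False,
     "classifications": ["PHI"],
     "normalized_statement": "SELECT * FROM patients"},
    {"user": "jdoe", "client_host": "10.0.0.77", "success": False,
     "classifications": ["PII"],
     "normalized_statement": "DELETE FROM users WHERE id = ?"},
    {"user": "report", "client_host": "10.0.0.9", "success": False,
     "classifications": [],
     "normalized_statement": "SELECT count(*) FROM orders"},
])

def triage_failures(export_text, min_failures=2):
    """Group failed events by (user, client host); rank classified-data hits first."""
    groups = defaultdict(lambda: {"failures": 0, "classified": 0, "patterns": set()})
    for ev in json.loads(export_text):
        if ev.get("success") is not False:   # keep only explicit failures
            continue
        g = groups[(ev.get("user"), ev.get("client_host"))]
        g["failures"] += 1
        g["classified"] += bool(ev.get("classifications"))
        g["patterns"].add(ev.get("normalized_statement"))
    findings = [
        {"user": user, "client_host": host, "failures": g["failures"],
         "classified": g["classified"], "distinct_patterns": len(g["patterns"])}
        for (user, host), g in groups.items() if g["failures"] >= min_failures
    ]
    # Many distinct failing patterns from one account can indicate probing;
    # one repeated pattern more often points to a broken application query.
    findings.sort(key=lambda f: (-f["classified"], -f["distinct_patterns"]))
    return findings

if __name__ == "__main__":
    for finding in triage_failures(SAMPLE_EXPORT):
        print(finding)
```

Grouping on the normalized statement rather than the raw statement keeps repeated queries that differ only in literal values from inflating the distinct-pattern count.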
Pagination
Search results are paginated at 50 events per page. Navigation controls at the bottom of the results list let you move between pages.
Previous / Next
Step through pages one at a time.
Page Indicator
Shows your current page and total pages.
50 Per Page
Each page displays up to 50 events.