When searching in Spotter AI, entering a generic field name like “hostname” may not return results from all related attributes. Currently, Spotter AI appears to select one matching field (e.g., hostname) instead of searching across all similar variations such as:
- devicehostname
- sourcehostname
- destinationhostname
- host
This means a query like:
“Provide me all violations involving the hostname XYZ.acme.com”
may return only a subset of results instead of all logs where that hostname appears in any related field.
We’d like to better understand how you’d want Spotter AI to interpret these kinds of queries:
- Should Spotter AI automatically include all fields with a common root term (e.g., “hostname”) in a single search?
- Would you want to customize or map which fields are grouped together (e.g., host-related, IP-related, user-related)?
- How important is this for improving your accuracy and efficiency in investigations?
- What examples or use cases best illustrate when a broader, context-aware search would be helpful?
Your feedback will help define how Spotter AI could provide smarter, more intuitive search behavior in the future.
👉 If you have a specific design or workflow in mind, please create a new Idea describing how you’d like Spotter AI to handle multi-field or context-aware searches.
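
To make the options above concrete, here is an added Python sketch (not Spotter AI code or query syntax) that runs the same hostname lookup three ways over constructed events: one field only, every field sharing the root term, and an explicit field group. The event layout, `FIELD_GROUPS`, and the function names are assumptions made for illustration.

```python
# Constructed sample events; field names are the variants listed in the post.
EVENTS = [
    {"id": 1, "hostname": "XYZ.acme.com"},
    {"id": 2, "devicehostname": "xyz.acme.com"},
    {"id": 3, "sourcehostname": "other.acme.com",
              "destinationhostname": "XYZ.acme.com"},
    {"id": 4, "host": "xyz.acme.com."},          # FQDN with trailing dot
    {"id": 5, "sourcehostname": "abc.acme.com"},
    {"id": 6, "hostname": "notxyz.acme.com"},    # must not match on substring
]

# Hypothetical analyst-maintained mapping (the "customize or map" option).
FIELD_GROUPS = {
    "hostname": ["hostname", "devicehostname", "sourcehostname",
                 "destinationhostname", "host"],
}


def normalize(value):
    """Compare hostnames case-insensitively and ignore a trailing dot."""
    return str(value).strip().lower().rstrip(".")


def fields_by_root(events, root):
    """The "common root term" option: every attribute name containing root."""
    return sorted({name for e in events for name in e if root in name.lower()})


def search(events, fields, value):
    """Return ids of events where any of the given fields equals value."""
    wanted = normalize(value)
    return [e["id"] for e in events
            if any(normalize(e[f]) == wanted for f in fields if f in e)]


if __name__ == "__main__":
    target = "XYZ.acme.com"
    print("single field :", search(EVENTS, ["hostname"], target))
    print("root term    :", search(EVENTS, fields_by_root(EVENTS, "hostname"), target))
    print("mapped group :", search(EVENTS, FIELD_GROUPS["hostname"], target))
```

In this sample the root-term expansion still misses the event that stores the name in `host`, because that field name does not contain "hostname"; only the explicit group returns every event that references the host.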

