Creating analytics rules

If you know the search criteria that you want to use, you can define rules for a case before you enable it for analytics. Then, when you enable analytics, data collection and indexing begins and rule actions are applied in parallel to mark and tag the matching items. You can also create and edit rules after you have enabled a case for analytics. In this instance, the new rules start marking and tagging matching items immediately.

To create an analytics rule

  1. Click the Cases tab in the Discovery Accelerator client.

  2. In the Cases pane at the left, select the case for which you want to create the rule.

  3. Click the Rule Builder tab.

  4. Click New at the top of the tab. Alternatively, to create a rule that is based on an existing rule, click the rule in the Marking rules area or Tagging rules area and then click Copy.

  5. Type a name and description for the rule.

  6. Check Rule enabled unless you want to disable the rule until a future time.

  7. In the Rule conditions area, define one or more conditions that an item must meet to match the rule. Every rule must have at least one condition.

    To define the conditions, proceed as follows:

    • In the Select attribute drop-down list, choose an attribute of the items for which to search. For example, choose Subject if you want to search the subject lines of items.

    • In the next drop-down list, choose an operator to apply to the selected attribute. For example, if you have set the attribute to Subject, you can choose the Contains operator to search for those items whose subject lines contain certain words.

    • Set the required value for the attribute. For example, when the attribute is Subject and the operator is Contains, you can type Symantec to search for those items whose subject lines contain this word. Note the following:

      • The search string cannot contain any punctuation characters other than the underscore character.

      • You can append an asterisk (*) as a wildcard character to the end of the search string.

      • SQL Server does not index commonly occurring words such as "the" and "and", so Discovery Accelerator ignores these words when it encounters them in a search string. You can override this behavior by editing the SQL Server noise word file.

    • If you set the attribute to Subject, Content, or Subject or Content, choose whether to turn search stemming on or off.

      Stemming lets you match the words that derive from the word that you specify. For example, the word "run" matches "running" and "ran". You cannot use wildcard characters in conditions that use stemming.

    • Click the + button to save the condition and add another one, if required.

      You define the relationship between two conditions with the And/Or buttons. And denotes that an item must match both conditions, whereas Or denotes that the item can match one condition but not the other.

    • If you want to remove a condition, click the - button at the right of its row.

    As you add conditions, they appear in the Rule query area. When you become familiar with the query language, you can construct more complex queries by editing the syntax manually.

  8. If you have defined one or more custodians or custodian groups with Custodian Manager, use the fields in the Rule condition settings area to specify how to search for them. In each case, you can choose to search email addresses, display names, or both. For custodian groups, you can choose to expand the distribution lists of the groups to include their members in your searches, rather than just the list names and email addresses.

    Note:

    Discovery Accelerator does not expand the distribution lists when you use the Near operator with the attributes Subject, Content, Subject or Content, Author, To, CC, BCC, and Author or Recipients.

    The conditions that you enter in the Rule condition settings area use the custodian information that is available at the time that you build the rule. This information is not updated unless you edit the rule again. For example, when you create a rule and select the option Expand distribution list to include members, the list members at that time are saved with the rule. If the membership of the list changes later, these changes are not applied to the rule until you edit and save it again.

  9. In the Rule actions area, choose how to mark or tag the items that match the rule conditions. The options are as follows:

    • Mark item as: Applies the selected mark to items that match the rule. If this rule is one of several rules that apply marks, you can set its priority level with the Rule priority as box. The lower the number, the higher the priority level.

    • Tag item as: Applies the selected tags to items that match the rule. If necessary, expand the tag groups to see the associated tags.

  10. Click Apply.
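The value restrictions listed in step 7 can be checked before a term list is typed into the Rule Builder. The following is an added example, not Discovery Accelerator code: the function name is hypothetical, the noise-word set contains only the two words this page names, and the definition of punctuation is an interpretation of the page's wording.

```python
import re

# Assumption: only the two noise words the page names; the real list is in
# the SQL Server noise word file and is longer.
NOISE_WORDS = {"the", "and"}
# Attributes for which the page says stemming can be turned on or off.
STEMMING_ATTRIBUTES = {"Subject", "Content", "Subject or Content"}


def check_condition_value(attribute, value, stemming=False):
    """Check one condition value; return (errors, ignored_words, terms)."""
    errors = []
    text = value.strip()
    if not text:
        return ["value is empty"], [], []
    if stemming and attribute not in STEMMING_ATTRIBUTES:
        errors.append(f"stemming does not apply to attribute {attribute!r}")

    # One trailing asterisk is the only wildcard form the page describes.
    wildcard = text.endswith("*")
    body = text[:-1] if wildcard else text
    if wildcard and stemming:
        errors.append("wildcard cannot be used with stemming")
    if "*" in body:
        errors.append("asterisk is only allowed at the end of the string")

    # Anything other than letters, digits, underscore and whitespace is
    # treated as punctuation here (an interpretation of the page's rule).
    bad = sorted(set(re.findall(r"[^\w\s*]", body)))
    if bad:
        errors.append("punctuation not allowed: " + " ".join(bad))

    words = re.findall(r"\w+", body)
    if wildcard and words:
        words[-1] += "*"  # prefix term, so not compared with noise words
    ignored = [w for w in words if w.lower() in NOISE_WORDS]
    terms = [w for w in words if w.lower() not in NOISE_WORDS]
    if not terms:
        errors.append("no searchable terms remain")
    return errors, ignored, terms
```

A value made up only of noise words returns no terms, which is the case where a rule would otherwise be saved but have nothing to search for.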

More Information

About the search attributes

About the operators

About SQL Server noise words

Manually editing queries

Changing the priority levels of marking rules

About analytics rules

About tagging rules

About the Discovery Accelerator permissions