Group results by attribute when searching

Security investigation tool
Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus; Cloud Identity Premium. Compare your edition

When customizing a search in the investigation tool, you can group items by a particular search attribute to quickly understand the breadth of an issue. For example, when conducting a search based on device log events, you can group the search criteria based on the device model. 

To group results by specific attributes when customizing your search:

  1. During your search, click Group Results.
  2. From the drop-down menu, choose a condition for your search—for example, Device model.
  3. Click Search.

    With this example, a list of devices is displayed in the search results. For each item in the search results, a name for the device model is displayed, and the number of occurrences is displayed for each device model, with the highest number of occurrences listed at the top.

    You can then add more conditions to the search criteria by scrolling over items in the search results, clicking the More  icon, and then clicking Add condition to search.

    Note: Occurrences is referring to the number of events logged in the corresponding reports. For example, if you group by Group email, the column occurrences will have a value corresponding to the number of entries in Groups log events data, when filtering all events by the given group address.

Was this helpful?

How can we improve it?
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
2917372849708002003
true
Search Help Center
true
true
true
true
true
73010
false
false