Skip to main content
Druva Documentation

Federated Search for backed up data

inSync Cloud Editions: File:/tick.pngElite Plus         File:/tick.png Elite     File:/tick.png Enterprise     File:/tick.pngBusiness
(Purchase Separately)  (Purchase Separately)

Overview

With Federated Search, inSync administrators can quickly find end-user files and emails that have been backed up by inSync. inSync uses the metadata attributes of files and emails to deliver fast and accurate search results. 

 

 

 

 

 

 

 

 

 

  • The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact your Druva Account Manager or Druva Support.
  • Federated Search is available for Elite and Elite Plus  customers.
  • Search of data backed up from mobile devices is not supported.

federated search home.png

inSync indexes the data during a backup operation using file and email attributes. The attributes can be file name, folder name, email subject, and email attachment name.

After the snapshot creation is complete, during the backup operation, inSync creates an index of the data that is backed up. inSync uses metadata attributes like file name, folder name, email subject, and email attachment name to index the data based on delimiters (such as whitespace, dot, special characters, and so on). 

inSync administrators can search files and emails using a part or the entire file name or email subject. Federated Search also supports of search of files and emails using the different parameters available for files and emails. For example, when the administrator searches for "financial report", the search results will contain the following files:

  • Report for quarter end March 2016
  • 2016-2017 financial report
  • Financial health summary for January
  • Sales report for February

inSync will display results that match one or more terms. Administrators can use the available search filters and search operators to narrow down the search results.

inSync allows the following types of operators in the order of their priority:

  1. () - Parenthesis operator has the highest priority in a search query. For example, if the query is "quarterly OR report (march AND december)", then the "(march AND december)" part of the query will be executed first. 
  2. OR - By default, inSync uses OR in all search queries that contain more than one word. For example, if you search "monthly sales", then inSync will search all files or emails that either contains the word "monthly" or the word "sales". 
  3. AND - The AND operator has the last priority in a search query. For example, if you search "monthly AND sales", then inSync will search all files or emails that contain both the words "monthly" and "sales". 

 

Operators must always be entered in capital letters. If you use any other variation of the operators in your search query, inSync considers them as a keyword of the search query. For example, in the Sales And Marketing search query, And is considered as a search keyword. 

The search results show a maximum of 1000 results that match your search query. inSync displays the search results progressively. Click Load More to load the next set of search results. Using the Email Result option, up to 20,000 search results in CSV format can be sent to the email address of the inSync administrator.

Note: Search results do not list files or emails for users who have enabled Data Privacy settings.

How is the Federated Search capability used?

Find and delete malicious data

This Federated Search capability is critical, to enable administrators to locate sensitive or malicious data that is backed up by users. Administrators can also delete files from the search results. Deletion is useful when administrators want to prevent exposure of a sensitive file and remove all its occurrences from data source and storage.

File deletion feature is available only for Elite Plus customers. 

Here is an example scenario: An administrator is aware that Joe, an employee, has backed up a PDF containing sensitive data and shared the PDF with other users in the organization. In such a scenario, the administrator can search for the PDF backed up by Joe, and also search for users in the organization who have a copy of the PDF. Even if the file name has been renamed, the administrator can search using the checksum of the file. The administrator can also delete the PDF from the data source or both the data source and snapshot.

Download files for offline analysis

To further analyze the search results, administrators can email the search results in CSV format, download the files and emails from the search results for offline review, or ingest the files and emails into a third-party tool for further review.

Here is an example scenario: If an IT administrator observes that a user, Ray, is backing up files that contain sensitive or malicious data, the administrator can easily search for files that were backed up by Ray during a specific time range, and download the files for detailed inspection. 

Restore and download user data

Administrators can restore files and emails from the search results to the original location or custom location.

Here is an example scenario: Ray, an employee, leaves the organization, and later, Joe, another employee, requires access to an email that was sent to Ray. In such a scenario, the inSync administrator can search for the specific email, and restore the email from Ray’s email account to Joe’s email account. 

Enable inSync Client users to download and restore their backed up data

Using the Federated Search capability, inSync Client users can search for files and emails that are backed up by inSync, download the required files and emails from the search results, and also restore emails from the search results to the original location or custom location. Federated Search helps inSync Client users to gain access to a file that was accidentally deleted, or when they need to access a particular file from a device not owned by them.

Here is an example scenario: In case of accidental deletion of the email “December Sales Training attendees” from the user’s Exchange Online mailbox, the Client user can search their Exchange Online emails with the subject “December Sales Training attendees” sent between 10 December to 23 December, and restore the email to their Exchange Online mailbox from the search results.

Supported Platforms for Federated Search

The following table lists the actions that inSync administrators and inSync Client users can perform on the supported data sources using Federated Search. 

Note:

  • Only inSync Cloud administrators and inSync administrators with "Access Data Insights" role can access the Federated Search feature in Governance > Federated Search.
  • Legal administrators also have access to Governance > Federated Search. They can perform all actions except from file deletion. For more information, see Federated Search for Legal administrators.

Supported Platforms for Federated Search

Data Source inSync Administrator  inSync Client User
(using Search option in Data Sources tab of inSync Web)
Using Federated Search option in Governance > Federated Search Using Search option in Restore window

Endpoints (Windows OS, Mac OS, Linux OS)

Can search, download, and delete files from search results.

Can search, download, and restore files from search results. 

Can search, download, and restore files from search results. 

Cloud Apps files (One Drive, Box, Google Drive)

Can search, download, and delete files from search results.​​​​

Can search, download, and restore files from search results. 

Can search, download, and restore files from search results. 

Cloud Apps emails (Gmail, Exchange Online)

Can search, and download emails from search results.

Can search, download, and restore emails from search results.

Can search, download, and restore emails from search results.

Cloud Apps - SharePoint Online

Can search, and download files from search results.

Important: Search of SharePoint files is available only for customers on-boarded after July 13, 2019. 

Can search, download, and restore files from search results. 

Sharepoint file search is not supported.

MAPI emails

Can search, and download MAPI emails from the search results.

MAPI email search is not supported. 

MAPI email search is not supported. 

Data indexing progress indicator

You can search the data only after inSync has completed indexing of the backed up data. Once inSync starts indexing the data, a data indexing progress indicator named Data Sources Indexed appears on the Federated Search page.  This is a one-time activity and is displayed when inSync starts indexing the backed up data. The indicator is not displayed for indexing subsequent data.

indexing indicator.png

Click the info icon beside Data Sources Indexed to view details about the data indexing status. An Indexing Status window appears that displays the following details:

  • The number of data sources that inSync has indexed out of the total number of available data sources. 
  • Time remaining to index the remaining data sources.
  • The count of the number of data sources indexed out of the total number of available data sources for each data source type such as devices, Cloud Apps, and so on.

After the indexing is complete, the Data Sources Indexed indicator goes away. You can start searching the data of the data sources that inSync has indexed. inSync automatically starts indexing any data from newly added data sources.

percent of data sources indexed.png

Click Download Report to download the MDSIndexingReport.csv  file that contains the following details:

  • Data Source - The name of the data source. For devices, the device name is displayed and for Cloud Apps, the name of the Cloud App is displayed. 
  • Type - The name of the operating system of the device. For Cloud Apps, the type is displayed as Unknown.
  • Last Backup Size - The size of the last backed up data from the data source.
  • Last Backup Time -The time when the data source was last backed up.
  • Last Indexed Time - The time when the data source was last indexed. 

How to search files

Using the Federated Search capability, you can search for files backed up by inSync across all data sources (endpoints and cloud apps) for all users using:

When you search, inSync shows you a list of files that match your search query along with the following details:

  • Size of the file. 
  • Date when the file was last modified.
  • Name of the user that owns the file. You can click the username to find out more details of the user. 
  • Data source from where the file was backed up. 
  • You can also click the file name to view the detailed information about the file and view the number of versions of the file.

You can also download multiple files from the search results using the Download File option. 

How to search emails

Similar to searching files, you can search for emails backed up by inSync across email services (Gmail, Exchange Online, MAPI) for all users using:

When you search, inSync shows a list of emails that match your search query along with the following details:

  • Attachments for each email.
  • Sender of the email.
  • Recipients of the email.
  • Date when the email was sent or received.
  • The number of attachments in that email. You can view the number of attachments by clicking the attachment icon and view the entire list of recipients by clicking the number in the recipients column. 

You can also download multiple emails from the search results in EML format using the Download Email option. 

Related Links
How to search backed up files
How to search backed up emails