Better document which fields are used

2025-07-06 21:00:22 +00:00 · 2019-08-16 19:22:47 -04:00 · 2019-08-16 19:22:47 -04:00 · 09fdfc91e4
commit 09fdfc91e4
parent 51b695a6b4
2 changed files with 15 additions and 8 deletions
--- a/KeywordSearch/solr/solr/configsets/AutopsyConfig/conf/schema.xml
+++ b/KeywordSearch/solr/solr/configsets/AutopsyConfig/conf/schema.xml
@ -561,10 +561,13 @@
        leading wildcard queries. -->
   <!--<field name="text_rev" type="text_general_rev" indexed="true" stored="false" multiValued="true"/>-->
   
-   <!-- field with white-space tokenized words for TermsComponent regex search (useful for fast search of IP addresses, URLs, certain phone numbers)
-		also be useful for Lucene based queries containing special characters-->
-   <!-- populated via copyField -->
+   <!-- field with white-space tokenized words for TermsComponent regex search.
+        No longer being populated by Autopsy, but remains for backward compatability.
+        content_str is used instead to better deal with regex that have white space. -->
   <field name="content_ws" type="text_ws" indexed="true" stored="false" multiValued="true" /> 
+   
+   <!-- field that contains the raw string form of the chunk. Used for regular expression
+        matching.  Populated by Autopsy using lower-case text and a copyField for file name. -->
   <field name="content_str" type="string" indexed="true" stored="true" multiValued="true" />
   
   <!-- Uncommenting the following will create a "timestamp" field using
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
@ -101,25 +101,29 @@ public class Server {
                return "image_id"; //NON-NLS
            }
        },
-        // This is not stored or index . it is copied to Text and Content_Ws
+        // This is not stored or indexed. it is copied to text by the schema
        CONTENT {
            @Override
            public String toString() {
                return "content"; //NON-NLS
            }
        },
+        // String representation for regular expression searching
        CONTENT_STR {
            @Override
            public String toString() {
                return "content_str"; //NON-NLS
            }
        },
+        // default search field.  Populated by schema
        TEXT {
            @Override
            public String toString() {
                return "text"; //NON-NLS
            }
        },
+        // no longer populated.  Was used for regular expression searching.
+        // Should not be used. 
        CONTENT_WS {
            @Override
            public String toString() {
@ -132,28 +136,28 @@ public class Server {
                return "file_name"; //NON-NLS
            }
        },
-        // note that we no longer index this field
+        // note that we no longer store or index this field
        CTIME {
            @Override
            public String toString() {
                return "ctime"; //NON-NLS
            }
        },
-        // note that we no longer index this field
+        // note that we no longer store or index this field
        ATIME {
            @Override
            public String toString() {
                return "atime"; //NON-NLS
            }
        },
-        // note that we no longer index this field
+        // note that we no longer store or index this field
        MTIME {
            @Override
            public String toString() {
                return "mtime"; //NON-NLS
            }
        },
-        // note that we no longer index this field
+        // note that we no longer store or index this field
        CRTIME {
            @Override
            public String toString() {