Watch: How to use Lucene query syntax to search files by create, modified and access dates and to tag them as obsolete
Step 1: Know the Syntax
In order to find obsolete files you need to be able to search based on a date range using the Lucene query syntax. Below are the three Lucene equivalents to the standard Windows OS date metadata;
created date = creationTimeUtc:
modified date = lastWriteTimeUtc:
accessed date = lastAccessTimeUtc:
Lucene query examples:
extension:log AND creationTimeUtc:[2019-08-31 TO 2019-09-30]
extension:log AND creationTimeUtc:[* TO 2019-09-30]
Step 2: Determine Risk Levels
Risk levels might be unique to your organization and are completely customizable. Shinydocs has built a library of common rules that you can use as a starting point.
Examples of Risk Levels:
Low Risk
.log files with a created date older than 6 months ago
Medium Risk
files with a modified date older than one year and contains the word "draft" in the file name or folder name
High Risk
files with a created date and modified date older than seven years
Step 3: Query the Visualizer Examples:
This is an optional step, but the interactive Visualizer tool makes the results of your query more easy to explore.
Step 4: Apply classifications in eDiscovery
- In Discovery Desktop enter the same search string, which in this example returns a matching 23 files
- Right-click and select 'Select All' files
- Right-click again and select 'Classification'
- Set the Classifications property to: 'Rot_obsolete'
- Enter the new classification value to: 'Low_risk_obsolete'
Step 5:
Repeat the steps above for both Medium and High Risk queries. That's it, machine speed at your fingertips!
