I see from the control center > Event Configuration that there are many
fields that don't appear in the GUI > Tips link. One such field is:

Field Name: EventID
Field ID: id
Field Description: A unique ID associated with each individual event
that is generated or received by the Sentinel system.

We have internally developed a plugin (used in action) that will write
event information to an XML file that is used with our ticketing system.
We use this to create correlated rules as a ticket.

the only way I can link one ticket with events in the system are by this
field called "EventID". I've also got a value for it however when I
perform a search as "id:<Unique_Event_ID>"; I get an error that reads:

"Invalid search filter: Cannot parse 'id:<Unique_Event_ID>': Expression
id:<Unique_Event_ID> in Lucene query is invalid. Field name 'id' is
invalid. See Search tips for information on constructing valid

Is there an easy way to make the field "EventID" searchable using


