Log Aggregation
  • 27 Nov 2023
  • 2 Minutes to read
  • Dark
    Light

Log Aggregation

  • Dark
    Light

Article summary

Security Manager, through integrations, provides centralized logs. The following are the integrations supported today.

  • RapidIdentity
  • Microsoft Azure
  • Google Workspace
  • Active Directory

Logs can be viewed via the Search tab by selecting the appropriate integration and clicking SEARCH.

search

Search has several components that you can utilize to filter your search results and focus on only the events you would like to see.

  • Adding Filters
  • Save Searches

Adding Filters

There are a few options when adding filters to your search. Each option is independent of the other, so they can be used in conjunction to provide the log view you are searching.

  • Time interval
  • Filter by Field
  • Keyword Search

Time Interval

Selecting the time range of logs you want to view can be done by entering in the from and to dates and time, selecting a relative time (i.e. LAST MINUTE, LAST HOUR, etc...), or by selecting the appropriate bar on the time by number of log events bar chart.

search-time-filter

Filter on Field

To filter on a specific field you can click the ADD FILTER button and select the field, operator, and value you would like to search. The fields will be relative to the integration you have selected, and the value will be based on the field type (i.e. Date field will provide a date and time picker).

search-add-filter

If you are looking at a log event and want to directly add a field value to filter on in the specific log event you can select the field and it will automatically add it as a filter. You can also hover over a field and click the magnifying glass to see the values for that specific field ranked by occurrence. You can then select from the occurrence list to add that specific field and value to the filter.

search-select-field-filter

While the log event is not expanded you are only going to be able to filter on the selected field value. If you would like to filter based on a field value NOT being present you can expand the specific log event and select the - sign within the table view

search-negate-field-filter

By default only minimal data is shown. If you would like to see all data, toggle the See all data toggle

Keyword Search

The keyword search bar looks across all field values in the time range you have specified. This search mechanism takes the longest and it is recommended to search on specific fields using either the ADD FILTER Button or by selecting the field in the log event

Save Searches

For searches that are used often, or if you want to be alerted when a log meets a specific search criteria you can utilize Saved Searches. Save searches by selecting the Save Search button and inputting the name, and description of the search as well as if this saved search should be a private scope or a customer scope. The latter can be seen by any user within Security Manager that is a part of your organization while the former can only be seen by the user who saved the search.

save-search

Once the search criteria has been saved you can view your saved searches by clicking the Search hyperlink.

save-search-hyperlink

From here, you can create an alert for your search, load your search, or delete your search.

save-search-list


Was this article helpful?


ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence