Log Aggregation
- 27 Nov 2023
- 2 Minutes to read
- Print
- DarkLight
Log Aggregation
- Updated on 27 Nov 2023
- 2 Minutes to read
- Print
- DarkLight
Article Summary
Share feedback
Thanks for sharing your feedback!
Security Manager, through integrations, provides centralized logs. The following are the integrations supported today.
- RapidIdentity
- Microsoft Azure
- Google Workspace
- Active Directory
Logs can be viewed via the Search tab by selecting the appropriate integration and clicking SEARCH.
Search has several components that you can utilize to filter your search results and focus on only the events you would like to see.
- Adding Filters
- Save Searches
Adding Filters
There are a few options when adding filters to your search. Each option is independent of the other, so they can be used in conjunction to provide the log view you are searching.
- Time interval
- Filter by Field
- Keyword Search
Time Interval
Selecting the time range of logs you want to view can be done by entering in the from and to dates and time, selecting a relative time (i.e. LAST MINUTE, LAST HOUR, etc...), or by selecting the appropriate bar on the time by number of log events bar chart.
Filter on Field
To filter on a specific field you can click the ADD FILTER button and select the field, operator, and value you would like to search. The fields will be relative to the integration you have selected, and the value will be based on the field type (i.e. Date field will provide a date and time picker).
If you are looking at a log event and want to directly add a field value to filter on in the specific log event you can select the field and it will automatically add it as a filter. You can also hover over a field and click the magnifying glass to see the values for that specific field ranked by occurrence. You can then select from the occurrence list to add that specific field and value to the filter.
While the log event is not expanded you are only going to be able to filter on the selected field value. If you would like to filter based on a field value NOT being present you can expand the specific log event and select the - sign within the table view
By default only minimal data is shown. If you would like to see all data, toggle the See all data toggle
Keyword Search
The keyword search bar looks across all field values in the time range you have specified. This search mechanism takes the longest and it is recommended to search on specific fields using either the ADD FILTER Button or by selecting the field in the log event
Save Searches
For searches that are used often, or if you want to be alerted when a log meets a specific search criteria you can utilize Saved Searches. Save searches by selecting the Save Search button and inputting the name, and description of the search as well as if this saved search should be a private scope or a customer scope. The latter can be seen by any user within Security Manager that is a part of your organization while the former can only be seen by the user who saved the search.
Once the search criteria has been saved you can view your saved searches by clicking the Search hyperlink.
From here, you can create an alert for your search, load your search, or delete your search.
Was this article helpful?