Manage Search Results Messages
The Search experience in the Alert Logic console is intended to allow you to perform basic and advanced searches for different data types. The Search feature is flexible for structuring advanced search queries, and using fields and predefined expressions to help you find and organize messages most relevant to your investigation.
To access the Search page, click Searchin the Alert Logic console, and then click the Search tab.
After you perform a search, you can view the details of messages that appear in the search results. At the top of the search results, you can see how much data was searched, the count of messages you have selected, and a count of messages showing. Click a message to:
- View a summary of the message
- View the source properties
- Add filters or tokens to the search query to refine results
- Export the message summary to a CSV file
- Create a manual incident from the message
Open a message
Select a message, and then click Open to view the details of the selected message in a separate browser tab. The details page for a selected message displays additional information about the message, source properties, and message fields. You can use this information to further refine your log search, export the information about this log message to a CSV file, or create an incident.
Add filters or tokens to the query
From the search results, you can also add filters and tokens to the search query. Click on the message you want to see, and then click on the filter or token you want to add to the query. You will see the filter or token you clicked in the search query.
Export messages
Multiple views within log search allow you to export either a list of search results or details of a specific search to a CSV file. If you select one or more search results in the list, you can click the export icon () in the blue bar on the lower right of your screen to export selected search results to a CSV file. If you open a message to view details in a separate browser tab, you can click the export icon () to export selected search details to a CSV file.
Create an incident
The Search page allows you to create a manual incident from messages from either the list of search results or from an open log message.
At this time, Alert Logic does not support the creating an incident when with the Search Managed Account toggle on for IDS event data type.
To create an incident from the search results:
- Click the create incident icon ()to manually create an incident from the selected messages.
- In the Create Incident slideout panel, provide the requested information.
- Click CREATE.
To create an incident from an open message:
- From the list of search results, select a message.
- Click Open to open the log message in a separate tab.
- In the upper right of the open log message, click the create incident icon ().
- In the Create Incident slideout panel, provide the requested information.
- Click CREATE.