Your connected event sources and environment systems produce data in the form of raw logs. Log Search takes every raw log that is collected and automatically sorts it into Log Sets for you. Once you apply a search to a log, a log set, or several log sets, you can do multiple things:
- Search logs for specific terms with a Search Language
- Build your own query to group by a field or calculate specific items
- View logs in Visual Search
- Create tags and Alerts on your log data
- Export Data to share with stakeholders
When looking at the actual log entries, you can make reading logs easier by viewing log data in JSON format. Click the Log display menu button and select Expand JSON.
All normalized log entries can be queried either by searching for a string or by searching for a keyword=value pair.
InsightIDR offers several ways of searching your data: Regex, String, KeyValue, or Keyword search. See Use a Search Language for more information.
Alternatively, you can build queries from the provided Example Queries.
You can export parseable logs to share with stakeholders at your convenience. When viewing the log entries table, select Export to CSV.
You will see a confirmation message appear. Your CSV file will be available in the Report Archive under the Entries Export tab.
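To make the search and export operations above concrete, here is an added example (not InsightIDR's own code or query language) that models them in Python over a constructed set of JSON-formatted log entries: a string search, a key=value search, a group-by count, and a CSV export. The field names and values in the sample entries are invented for illustration.

```python
"""Added example: an offline model of the Log Search operations described
on this page, run over constructed JSON log entries (not real data)."""
import csv
import io
import json
from collections import Counter

# Constructed sample of normalized, JSON-formatted log entries.
RAW_LOGS = [
    '{"source_user": "alice", "result": "SUCCESS", "source_ip": "10.0.0.5", "service": "vpn"}',
    '{"source_user": "bob", "result": "FAILED_BAD_PASSWORD", "source_ip": "10.0.0.9", "service": "vpn"}',
    '{"source_user": "bob", "result": "FAILED_BAD_PASSWORD", "source_ip": "10.0.0.9", "service": "vpn"}',
    '{"source_user": "carol", "result": "SUCCESS", "source_ip": "10.0.0.7", "service": "ssh"}',
    '{"source_user": "bob", "result": "SUCCESS", "source_ip": "10.0.0.9", "service": "ssh"}',
]

def parse_logs(raw_lines):
    """Turn each raw line into a dict; a log set here is simply a list of entries."""
    return [json.loads(line) for line in raw_lines]

def search_string(entries, term):
    """String search: match the term anywhere in the entry, case-insensitively."""
    needle = term.lower()
    return [e for e in entries if needle in json.dumps(e).lower()]

def search_key_value(entries, key, value):
    """key=value search: exact match on one normalized field."""
    return [e for e in entries if e.get(key) == value]

def group_by(entries, field):
    """Group entries by a field and count each group, most common first."""
    return Counter(e.get(field) for e in entries).most_common()

def export_csv(entries):
    """Export entries as CSV text; columns are the union of all fields seen."""
    fields = sorted({k for e in entries for k in e})
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields)
    writer.writeheader()
    writer.writerows(entries)
    return buf.getvalue()

if __name__ == "__main__":
    logs = parse_logs(RAW_LOGS)
    failed = search_key_value(logs, "result", "FAILED_BAD_PASSWORD")
    print(group_by(failed, "source_user"))        # [('bob', 2)]
    print(export_csv(search_string(logs, "ssh")))  # two rows plus a header
```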