InsightIDR

Log Search

Your connected event sources and environment systems produce data in the form of raw logs. Log Search takes every raw log that is collected and automatically sorts it into Log Sets for you. Once you apply a search to a log, a log set, or sets of logs, you can do the following:

Log View Options

When looking at the actual log entries, you can make reading logs easier by viewing log data in JSON format. Click the Log display menu button and select Expand JSON.

All normalized log entries can be queried either by searching for a string or by searching for a keyword=value pair.

Searching Your Data

InsightIDR offers several ways to search your data: Regex, String, KeyValue, or Keyword search. See Use a Search Language for more information.

Alternatively, you can build queries from the provided Example Queries.

Export Data

You can export parseable logs to share with stakeholders at your convenience. When viewing the log entries table, select Export to CSV.

A confirmation message appears. Your CSV file will be available in the Report Archive under the Entries Export tab.