Log Explorer

The Log Explorer is the module where you can find information for various purposes. Some of the most common use cases of the Log Explorer are as follows:

  • To find information about any specific log activity
  • To find information needed to perform forensic analyses
  • To find information about any user/computer

Log Analyzer

You can access the Log Explorer by clicking on the Log Explorer tab and selecting Log Explorer. It opens the LOG ANALYZER window.

Figure 23: Log Analyzer window

Using Log Analyzer

The LOG ANALYZER window shows all the logs captured by the team in the database and provides access to them.

To use Log Analyzer, the first step is to identify what type of information you are looking for. Once you know what you want to search for, you can add filters so that only the logs you are interested in are shown.

Let’s try to understand the process of finding logs about a specific hostname. To find logs for a specific hostname, follow the steps below:

  1. Click the Add filter button to set your search filters.

The Add filter drop-down menu opens, as shown below.

Figure 24: Add filter drop-down

  2. Choose the field from the drop-down list. In this example, we choose hostname, the field we are interested in, as shown in Figure 25.
  3. Choose the Operator field to set your search criteria. If you know the exact value that you are searching for, you can use the is operator.

The Value field shows up.

Figure 25: Field and Operator fields

  4. Type the value that you want to look for in your logs into the Value field. In this example, we specifically want to search for logs whose hostname is Italy.
  5. Click the Add filter button.

As soon as you click the Add filter button, the filter shows up at the top-left of the logs table, as shown in the figure below.

Figure 26: Add filter

Note: You can Edit, Delete, or Invert the filter by clicking on it. Also, the log table now shows only logs whose hostname is Italy.

Figure 27: Logs

  6. In addition to the logs themselves, you can see the trend of events for this hostname by clicking CHART.

The chart is shown with the trend for the hostname or your search criteria.

Figure 28: Chart

Adding Time Filter to the Existing Filters

In addition to the existing filter, you can add more filters, for example if you wish to see only logs that occurred within a specific time frame.

To add a time filter to your existing filters, click the date filter next to the Add filter button, as shown in the figure below.

The time filters drop-down dialog box opens.

Figure 29: Time filters

To know how to use the time filter, see the Time Filters section.

Using Filters from the Log

Apart from using the Add filter button, you can also add filters directly from a log.

To add filters from the log, follow the steps below:

  1. Open a log.

Figure 30: Log window

  2. The log contains various fields and values, and there is a filter button before each of them (highlighted in red). Click the filter button located before any value that you want to add as a further filter. In this example, we choose the @timestamp value as a filter.

The new filter shows up on the top of the logs table and is applied to the search, as shown below.

Figure 31: Filter

Similarly, you can choose any value to be applied as a filter from the log.
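The filter behaviour described in the Log Analyzer steps above and in this section (Field / Operator / Value filters that are combined, the Invert action, the time filter, the per-hostname trend behind CHART, and a filter taken from a log's @timestamp value) can be modelled in a few lines. The code below is an added example, not the product's own implementation: the sample log records are constructed, and the operator set beyond is (is not, exists, between) and the hourly bucketing of the chart are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample logs (not product data); field names follow the page.
LOGS = [
    {"@timestamp": "2024-03-01T10:00:00Z", "hostname": "Italy", "event": "login"},
    {"@timestamp": "2024-03-01T10:05:00Z", "hostname": "France", "event": "login"},
    {"@timestamp": "2024-03-01T11:30:00Z", "hostname": "Italy", "event": "logout"},
    {"@timestamp": "2024-03-02T09:00:00Z", "hostname": "Italy", "event": "login"},
]

def parse_ts(value):
    """Parse the @timestamp format used in the sample logs (UTC, ISO 8601)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def make_filter(field, operator, value=None, invert=False):
    """Build a predicate equivalent to one Field / Operator / Value filter.
    Operators other than 'is' are assumed; 'between' models the time filter."""
    def pred(log):
        if operator == "exists":
            hit = field in log
        elif operator == "is":
            hit = log.get(field) == value
        elif operator == "is not":
            hit = field in log and log[field] != value
        elif operator == "between":           # value is (start, end); end exclusive
            start, end = value
            hit = field in log and parse_ts(start) <= parse_ts(log[field]) < parse_ts(end)
        else:
            raise ValueError(f"unsupported operator: {operator}")
        return not hit if invert else hit     # Invert toggles the filter's meaning
    return pred

def apply_filters(logs, filters):
    """Active filters are combined with AND: a log must satisfy all of them."""
    return [log for log in logs if all(f(log) for f in filters)]

def trend_by_hour(logs):
    """Event counts per hour: the data behind the CHART view for a filter set."""
    counts = {}
    for log in logs:
        key = parse_ts(log["@timestamp"]).strftime("%Y-%m-%dT%H:00Z")
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    host_is_italy = make_filter("hostname", "is", "Italy")
    first_day = make_filter("@timestamp", "between", ("2024-03-01T00:00:00Z", "2024-03-02T00:00:00Z"))
    shown = apply_filters(LOGS, [host_is_italy, first_day])
    print(len(shown), trend_by_hour(shown))
```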