The Log Explorer is the module where you can find information for various purposes. Some of the most common use cases of the Log Explorer are as follows:
- To find information about any specific log activity
- To find information needed to perform forensic analyses
- To find information about any user/computer
You can access the Log Explorer by clicking on the Log Explorer tab and selecting Log Explorer. It opens the LOG ANALYZER window.
Figure 23: Log Analyzer window
The LOG ANALYZER window shows all the logs captured by the team in the database and provides access to them.
To use Log Analyzer, the first step is to identify what type of information you are looking for. Once you know what you want to search for, you can add filters so that the table shows only the logs you are interested in.
Let's walk through the process of finding logs about a specific hostname. To find logs for a specific hostname, follow the steps below:
- Click the Add filter button to set your search filters.
The Add filter drop-down menu opens, as shown below.
Figure 24: Add filter drop-down
- Choose the field from the drop-down list. In this example, we choose the hostname field, as shown in Figure 25.
- Choose the Operator field to set your search criteria. If you know the exact value that you are searching for, you can use the is operator.
The Value field shows up.
Figure 25: Field and Operator fields
- Type the value you want to look for in your logs into the Value field. In this example, we specifically want to search for logs whose hostname is Italy.
- Click Add filter.
As soon as you click the Add filter button, the filter shows up on the top-left of the logs table, as shown in the figure below.
Figure 26: Add filter
Note: You can Edit, Delete, or Invert the filter by clicking on it. Also, the log table now shows only logs whose hostname is Italy.
Figure 27: Logs
- In addition to the logs themselves, you can see the trend of events for this hostname by clicking CHART.
The chart is shown with the trend for the hostname or your search criteria.
Figure 28: Chart
In addition to the existing filter, you can add more filters, for example to see only logs that occurred within a specific time frame.
To add time filters to your existing filters, click the date filter next to the Add filter button, as shown in the figure below.
The time filters drop-down dialog box opens.
Figure 29: Time filters
To know how to use the time filter, see the Time Filters section.
Apart from using the Add filter button, you can also add filters directly from a log.
To add filters from the log, follow the steps below:
- Open a log.
Figure 30: Log window
- The log contains various fields/values, and there is a filter button before each of them (highlighted in red). Click the filter button located before any value that you want to add as a further filter. For example, we choose the @timestamp value as a filter.
The new filter shows up at the top of the logs table and is applied to the search, as shown below.
Figure 31: Filter
Similarly, you can choose any value to be applied as a filter from the log.
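The filter behaviour described above (field / operator / value rows that are ANDed together, the Invert action, a time-range filter, a filter added from a value inside an opened log, and the event trend behind the CHART view) modelled in plain Python as an added example. This is not the product's own code; the log records, field names and the `between` operator for the time filter are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample logs standing in for the Log Analyzer database (not from the original document).
LOGS = [
    {"@timestamp": "2024-03-01T10:00:00Z", "hostname": "Italy", "user": "alice", "event": "logon"},
    {"@timestamp": "2024-03-01T10:05:00Z", "hostname": "Spain", "user": "bob",   "event": "logon"},
    {"@timestamp": "2024-03-01T11:15:00Z", "hostname": "Italy", "user": "alice", "event": "logoff"},
    {"@timestamp": "2024-03-01T11:45:00Z", "hostname": "Italy", "user": "carol", "event": "logon"},
    {"@timestamp": "2024-03-02T09:00:00Z", "hostname": "Italy", "user": "alice", "event": "logon"},
]

def parse_ts(value):
    """Parse an ISO-8601 @timestamp (trailing 'Z' = UTC) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

class Filter:
    """One filter row built from Field / Operator / Value; invert mirrors the Invert action."""
    def __init__(self, field, operator, value, invert=False):
        self.field, self.operator, self.value, self.invert = field, operator, value, invert

    def matches(self, log):
        actual = log.get(self.field)
        if self.operator == "is":            # exact match, e.g. hostname is Italy
            hit = actual == self.value
        elif self.operator == "between":     # hypothetical time filter: value is a (start, end) pair
            start, end = self.value
            hit = actual is not None and start <= parse_ts(actual) <= end
        else:
            raise ValueError(f"unsupported operator: {self.operator}")
        return not hit if self.invert else hit

def apply_filters(logs, filters):
    """Filters are ANDed: a log stays in the table only if every filter matches it."""
    return [log for log in logs if all(f.matches(log) for f in filters)]

def filter_from_log(log, field):
    """Clicking the filter button before a value in an opened log adds '<field> is <that value>'."""
    return Filter(field, "is", log[field])

def trend(logs, fmt="%Y-%m-%dT%H:00Z"):
    """Event counts per time bucket (hourly by default): the data behind the CHART view."""
    counts = Counter(parse_ts(log["@timestamp"]).strftime(fmt) for log in logs)
    return dict(sorted(counts.items()))

if __name__ == "__main__":
    italy = [Filter("hostname", "is", "Italy")]
    day = Filter("@timestamp", "between", (parse_ts("2024-03-01T00:00:00Z"), parse_ts("2024-03-01T23:59:59Z")))
    print(len(apply_filters(LOGS, italy)), len(apply_filters(LOGS, italy + [day])))
    print(trend(apply_filters(LOGS, italy)))
```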