- In the Quick Search Toolbar at the bottom of the Client Console, select an option from the Search For list.
- Based on what you are searching for, specify a value. For example:
  - If searching for an Alarm, enter the Alarm ID.
  - If searching for an Event, enter the Event ID.
  - If searching for a Host, enter any of the following:
    - The Host's name as registered in LogRhythm
    - The Host IP address
    - The Host DNS name
  - If searching for a user, enter the user Login.
  - If searching for an email address, enter the address.
- If you are searching for a Host, Login, or Email Address, enter a value in the In the past box to specify how far back the search should go. Use the list to specify if the value is in minutes, hours, or seconds.
- In the Include list, select All or a filter for the search.
- In the Options list, select from the following:
  - Use Investigator. Search logs and events in both the Data Processor and Platform Manager Databases.
  - Use Log Miner. Search the LogMart database which stores log metadata rather than raw log data. This includes items such as IP addresses, host names, and logins from MPE logs. LogMart allows for longer term reporting and trending.
  - Query Platform Manager? Search the Platform Manager database.
  - Query Default Data Processors? Search the default Data Processors specified in your Investigator Personal Preferences.
    You can select both Platform Manager and Default Data Processors.
  - Investigation Wizard. Access advanced search capabilities.
- Click Go.