- On the main toolbar, click Tail.
- Select Configure New Tail, and then click Next.
- Select which source to query from the following options:
  - All available Log Sources. All log sources available to your user account will be queried.
  - Selected Log Source Lists. Select which Log Source Lists to query from the grid that appears.
  - Selected Log Sources. Select which Log Sources to query from the grid that appears.
- Click Next.
- Select an option from the Add New Field Filter. For detailed instructions on adding filters, see Use the Filter Editor.

  The User (Impacted/Origin) by Active Directory Group filter is only available to Global Administrators and Global Analysts. Restricted Analysts and Restricted Administrators may not create or edit a User (Impacted/Origin) by Active Directory Group filter.
- Click Next.
- Select the log repositories to include in the query:
  - Query the Platform Manager. Select this option to include the Platform Manager database in the query.
  - Query all default Log Repositories. Select this option to include all default Log Repositories in the query.
  - Query the following Log Repositories. Select this option to choose the Log Repositories you want to include in the query. The list of Log Repositories becomes active and you can select the check boxes of the repositories you want.
- In the Settings section, configure the following settings:
  - History to load. How much previous history should be loaded (up to 1 week).
  - Refresh Rate. How often new logs should be queried for (between 1 and 60 seconds).
  - Query timeout. How long the query can run before it times out (between 5 and 3,600 seconds).
  - Aggregate log cache size. How many aggregate logs to store in memory (between 1,000 and 10,000).
  - Log cache size. The number of individual logs to cache in memory (between 1,000 and 10,000).
  - Include raw log in query results. Check to include the raw logs in the query results.
- Click Next.
- (Optional) Save this Tail so you can use it again without repeating the setup:
  - Type a name and description.
  - Select the Permissions.

    User Type Read Access

    | User Type | Read Access Rights |
    | --- | --- |
    | Global Administrator | Public Global Administrator, Public Global Analyst, Public Restricted Admin, Public Restricted Analyst, Public All Users, Private |
    | Global Analyst | Public Global Analyst, Public Restricted Admin, Public Restricted Analyst, Public All Users, Private |
    | Restricted Administrator | Public Restricted Admin, Public Restricted Analyst, Private |
    | Restricted Analyst | Public Restricted Analyst, Private |

    User Type Write Access

    User Type; Read Access Rights

    Public All Users; Private; Public All Users; Public Global Administrator; Public Global Analyst; Public Restricted Admin; Public Restricted Analyst; Private; Private; Public Global Administrator; Public Global Administrator; Private; Public Global Administrator; Public Global Analyst; Private; Public Global Administrator; Public Global Analyst; Public Restricted Admin; Private; Public Global Administrator; Public Global Analyst; Public Restricted Admin; Public Restricted Analyst; Private; Public Global Administrator; Public Global Analyst; Public Restricted Admin; Public Restricted Analyst

  - Set the Record Type.
  - (Optional) Configure Intelligent Indexing.
  - Select Enable Intelligent Indexing.
  - Select Enable Expiration.
  - Click Save.
- To start the query, click Next.

  The Tail viewer shows an Aggregate Log/Event Listing and a Log/Event list on the same screen. Both lists update in real time.