You may want to run an investigation periodically to determine the most frequent common events collected by LogRhythm.
- On the main toolbar, click Investigate.
- Select Configure New Investigation, and then click Next.
- On the Select Search Type screen, select the Platform Manager Search option.
- In the Select Date Range to Query section, select In the Last and enter 30 Days in the boxes.
- Click Next.
- On the Select Log Sources to Query screen, select All available Log Sources.
- Click Next, and then click Next again.
- Set the parameters as follows:
  - Maximum logs to query: 50,000
  - Aggregate log cache size: 50,000
  - Log cache size: 50,000
  - Query timeout: 180
- Click Next.
- (Optional) Enter a name and click Save.
- To run the Investigation, click Launch.