
Hunt with Simple Queries

  1. Log in to the LogRhythm NDR UI.
  2. Click the Hunt tab. In the drop-down menu, click Activity.
    The Activity page appears, displaying various logs and events.
  3. To search for the logs or events for a particular community Id, click the + icon in the table for the community Id. 
    A drop-down menu with a Details tab and JSON tab appears. 
  4. In the Table tab, select the community Id field, then right-click and copy the selected community Id.
  5. Paste the copied community Id in the search bar field:
    1. Place a colon after community.
    2. Insert a single space.
    3. Place double quotes around the Id value.
  6. Click the search icon. 
    All logs linked to the selected community Id display.
  7. To customize your search, use the AND and OR Boolean operators.
    For example, to view only the con (connection) logs, add the following to the search bar field: AND entry_type: "Connection"
  8. Click the search icon. 
    Only connection logs associated with the selected community Id display.