- Log in to the LogRhythm NDR UI.
- Click the Hunt tab. In the drop-down menu, click Activity.
  The Activity page appears, displaying various logs and events.
- To search for the logs or events for a particular community Id, click the + icon in the table for the community Id.
  A drop-down menu with a Details tab and JSON tab appears.
- In the Table tab, select the community Id field, then right-click and copy the selected community Id.
- Paste the copied community Id in the search bar field:
  - Place a colon after community.
  - Insert a single space.
  - Place double quotes around the Id value.
- Click the search icon.
  All logs linked to the selected community Id display.
- To customize your search, use the AND and OR Boolean operators.
  For example, to view only the con (connection) logs, add the following to the search bar field: AND entry_type: "Connection"
- Click the search icon.
  Only connection logs associated with the selected community Id display.