The Alert Logic® console uses OmniBox to search log messages in Alert Logic Log Manager™. This article introduces the OmniBox features, shows how to use OmniBox to find the log messages you are looking for, and explains how to use and save common search queries.
The OmniBox can be found within the Alert Logic console in the Log Manager section, under the Messages subsection.
The OmniBox has several features that customers can take advantage of in order to run various searches for log messages. This section gives you an overview of each feature and what it can be used for.
The date bar offers several ways to search and sort log messages by date.
Date bar features include:
- BETWEEN drop-down menu. This allows you to quickly choose a time frame that log messages were generated between.
- Date field boxes. These show you the exact dates and times of log messages that the search will run. The dates will change as you choose the BETWEEN parameters to their left.
- Sort icon drop-down menu. This gives you the ability to choose the display order of the log messages that are returned from a completed search. The available options are listed here in the order that they appear in the drop-down menu in the Alert Logic console and the picture below. They include:
Message Type Bar
The message type bar is often used to specify a message type. It can also be used as a standalone feature, however.
Message type bar features include:
- NO FILTER drop-down menu. This allows you to choose a single message type for a search to return. The available filter options include:
The message bar allows you to include or exclude specific search terms from the log message query.
Message bar features include:
- NO FILTER drop-down menu. This allows you to add a text value to the search. You then have the option to choose how the search will filter on that text value. The available filter options include:
Bottom Icon Bar
The icon bar at the bottom of the OmniBox includes several more options for customizing your log message search.
The bottom icon bar features include:
- Save View icon. With this icon, you can save your current log search parameters for quick access later.
- Available Saved Views icon. This allows you to apply and run pre-built log searches.
- Context Map icon. With this icon, you can easily search for log types by context.
- Edit Query icon. This allows you to import or export log queries in JSON format.
- Reset Query icon. This allows you to reset the query to the default or to the previously loaded specifications.
- Reset to Default icon. This allows you to reset the query to default.
- Export Log Messages icon. This allows you to export currently shown log messages in CSV format.
- Options icon. With this icon, you can make changes to display options and settings.
To best understand the capabilities of the OmniBox search function, start by running a default log search. Use the BETWEEN drop-down menu to specify a time frame and click the magnifying glass icon to start the search. Depending on the number of log messages collected in your environment, this could take a moment.
Log Message Tokens
A search will generate several gray tokens, which are values pulled from the log messages.
You have the option to use these tokens to quickly change the search parameters of your log message query. A token that is clicked on will be added to the OmniBox search bar.
Now that a token has been added to the search parameters, the IS drop-down menu offers options you can use to further define your search query. This drop-down menu allows you to quickly search for a specific log message type by choosing IS, or to exclude a specific type of log message from a search by choosing IS NOT.
You can specify several parameters for a search query by clicking on any of the tokens available. The token will be added to the query just as in the log message type example above.
You have the option to include search terms in your OmniBox search query via the text box.
The text box begins returning intelligent suggestions as soon as you start typing. These suggestions are based on log types, fields, and IP addresses present in the log messages. This feature is very dynamic and should return suggestions as long as something in your environment matches or is close to what you enter into the text box.
Wild Card Searches
OmniBox executes a string literal search: it matches exactly what you type into the search bar and does not interpret wildcard characters. To achieve a wildcard effect, enter only part of your search term in the text entry box. Every returned message will contain at least the text you entered, followed or preceded by any number of additional characters present in the log message.
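To make the search semantics described above concrete, the following added example (not Alert Logic's code, and built on a few constructed log lines rather than real data) models a literal-substring search with the IS / IS NOT type token and the BETWEEN window, and shows why a typed asterisk matches nothing while a partial term acts as the wildcard:

```python
from datetime import datetime

# Constructed sample messages (not real Alert Logic data): (timestamp, message type, text)
SAMPLE_MESSAGES = [
    (datetime(2024, 3, 1, 9, 0), "syslog", "sshd[1201]: Accepted publickey for admin from 192.168.10.5 port 51022"),
    (datetime(2024, 3, 1, 9, 5), "syslog", "sshd[1207]: Failed password for root from 203.0.113.7 port 40212"),
    (datetime(2024, 3, 1, 9, 7), "windows", "4625 An account failed to log on. Source: 192.168.10.77"),
    (datetime(2024, 3, 2, 11, 0), "syslog", "sudo: admin : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow"),
]

# A BETWEEN window covering only the first day of the sample data.
DAY_ONE_START = datetime(2024, 3, 1, 0, 0)
DAY_ONE_END = datetime(2024, 3, 1, 23, 59)
# A wider window covering all sample data.
ALL_START = datetime(2024, 3, 1, 0, 0)
ALL_END = datetime(2024, 3, 3, 0, 0)


def omnibox_search(messages, start, end, type_filter=None, type_is=True,
                   terms=(), exclude_terms=()):
    """Model of the documented OmniBox behaviour (an assumption, not the product's code).

    - BETWEEN: keep only messages whose timestamp falls within [start, end]
    - message type token: IS (type_is=True) keeps that type, IS NOT excludes it
    - terms / exclude_terms: literal substrings; '*' and '?' are ordinary characters
    """
    results = []
    for timestamp, message_type, text in messages:
        if not (start <= timestamp <= end):
            continue
        if type_filter is not None and (message_type == type_filter) != type_is:
            continue
        # Every included term must appear verbatim somewhere in the message.
        if any(term not in text for term in terms):
            continue
        # Any excluded term appearing verbatim removes the message.
        if any(term in text for term in exclude_terms):
            continue
        results.append(text)
    return results


if __name__ == "__main__":
    # The asterisk is literal, so this returns nothing; the partial prefix works instead.
    print(omnibox_search(SAMPLE_MESSAGES, ALL_START, ALL_END, terms=("192.168.*",)))
    print(omnibox_search(SAMPLE_MESSAGES, ALL_START, ALL_END, terms=("192.168.",)))
```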
Use an Available Saved View
The Log Manager OmniBox comes preloaded with several pre-saved views for common log searches. You can access these by clicking on the Available Saved Views icon in the bottom icon bar. Click All to see a list of all of the available saved view groups.
Once you've selected a saved view group and the saved view you'd like to use, you have the option to either load the view immediately into the search or to add it to your schedule to be run on a date that you set. If you schedule the search to be run later, the results will be delivered to you via email.
Save a View You Created
Any search parameters that you create can be saved alongside the pre-built saved views under the Available Saved Views icon. This gives you quick access to the log results you want.
When your desired search parameters are loaded into the OmniBox, click the Save View star icon in the bottom icon bar. Give the view a name and select a group or groups to categorize the view into.
You have the option to choose who the saved view will be shared with. Alert Logic strongly recommends that you do not choose the No one option: if you do, no one in your company, and neither Alert Logic Support nor its analysts, will be able to access the view. It is recommended that you at least choose the Others in my company option.
Once you've named, categorized, and shared your saved view, click Create new view and your view will now appear in the appropriate group and be accessible via the Available Saved Views icon.