Alert Logic has begun migrating customers in the us-east-1 data residency who are using the Log Messages interface in the Alert Logic console (at Search > Log Messages) to the updated Search interface. As part of the migration process, currently saved searches - which are referred to as Saved Views in the Log Search Omnibox interface - have been translated to the updated Search interface.
Note: This information applies only to customers and partners with Alert Logic Log Manager and Cloud Defender entitlements whose data resides in the us-east-1 region. Only these entitlements are affected, because the Log Messages interface is not available for Managed Detection & Response (MDR) customers and partners.
Why is Alert Logic making this change?
A replacement for the Log Messages interface has been available to all Alert Logic customers since the introduction of the new Search interface in February 2021. The new interface features a graphical look and feel that will be familiar to users of the OmniBox query builder and a more powerful Expert Mode for accessing JSON data, regular expressions, and complex logic. Benefits of the new Search interface - which can be found in the Alert Logic console at (navigation menu) > Investigate > Search - include:
- Improved built-in parsing of log messages, including support for JSON data and cloud message formats
- Customized parsing of your data using standard regular expressions
- Creation of real-time alerts (correlations) based on search queries
- Creation of nested, logical expressions, such as messages matching one of many conditions
- Tabbed interface to quickly switch between up to 5 active searches
- Built-in data export and sharing tools
- Improved speed and reliability, based on the newest Alert Logic MDR platform
Saved Views Have Been Migrated
Your existing saved views have been migrated from the Log Messages interface to the new Search interface (pictured below), and they are ready for you to review.
You can begin using the migrated searches right away by navigating to Search > Saved Searches and selecting the migrated tag within the Filters sidebar. To execute a migrated saved search, click its corresponding Search icon.
Schedule Enablement for Migrated Searches - August 16, 2021
If you have scheduled execution of some of your saved views, these schedules will be migrated to the new Search interface starting on August 16, 2021. For example, if your Failed Logins saved view is scheduled to run every night, it will continue to run every night in the new interface starting on August 16. If you have email notifications set up when the search completes, you will still receive those email notifications. Your scheduled search results will also be available by navigating to Search > Downloads.
Your existing saved views will continue to be available in the Log Messages interface, but their scheduled execution in the Log Messages interface will be disabled on this date.
Log Messages Tab Removal - September 6, 2021
On September 6, 2021, the Log Messages tab will no longer be visible in the Alert Logic console. You can continue to use the new interface to run your saved searches and access the results of scheduled searches.
Feel free to modify the migrated saved searches, change their schedules, or remove queries you no longer use.
Access to Existing Scheduled Saved View Results
Existing saved view results will still be visible using the links sent to you via email when the search is completed. These results will be available as normal for your contracted log retention period, which is up to 13 months by default (logs are retained for 12 months and automatically deleted by 13 months).
How can you prepare for this migration?
Review your migrated saved views in the Alert Logic console by accessing Search > Saved Views > select the migrated tag within the Filters sidebar > select the Search icon corresponding to a migrated saved search to load it. You can also access these directly from the Search tab using the Saved Searches quick-view icon, as identified below.
If you use automation to process the results of saved views, you can process the results of a new search by loading the saved search (Search > Saved Views > select the migrated tag within the Filters sidebar > select the Search icon corresponding to a migrated saved search to load it) and executing it. The results can be downloaded and compared with old results or processed again.
Frequently Asked Questions
How do I know if I am affected by this change? How can I check my data residency?
This migration will occur for customers with Cloud Defender or Log Manager entitlements and whose default data residency is Alert Logic's us-east-1 region. To determine your data residency, log in to the Alert Logic console and hover over the flag in the upper-right corner. If the text reads us-east-1, this change applies to you.
Do I need to do anything if I have no saved searches?
If you have no active saved searches but do use the Log Messages interface, you should review the resources in the Additional Resources section below and begin to use and become familiar with the new Search interface before September 6.
When will other data residencies be migrated?
Other data residency migrations will start in September 2021. If your data residency is not in us-east-1, you can open a ticket with Alert Logic Support to request manual migration.
How can I find out more about this migration?
If you have questions about the new interface, the migration of your saved views, or how you can take advantage of new features, use the Additional Resources section below or open a ticket with Alert Logic Support.
Additional Resources
For more information on new search features, see the following knowledge base articles and documentation:
- Cloud Defender Omnibox Search Upgrade
- Software Update: Guided Mode Search
- Software Update: Improved Correlation Alerts
For more information on scheduled searches and correlation alerts, see the following knowledge base articles and documentation:
- Create and Schedule a Saved Log Search
- Correlations and Notifications
- When should I use a scheduled search or create a correlation alert?
These knowledge base articles will help you learn to use the new search interface and provide in-depth looks at advanced features: