Alert Logic has begun migrating customers in the all data residencies who are using the Log Messages interface in the Alert Logic console at Search > Log Messages to the updated Search interface. As part of the migration process, currently saved searches, referred to as Saved Views in the Log Messages OmniBox interface - have been translated to the updated Search interface.
Note: This information applies only to customers and partners with Alert Logic Log Manager and Cloud Defender entitlements. Only these entitlements are affected, because the Log Messages interface is not available for Managed Detection & Response (MDR) customers and partners.
Why is Alert Logic making this change?
A replacement for the Log Messages interface has been available to all Alert Logic customers since the introduction of the new Search interface in February 2021. The new interface features a graphical look and feel that will be familiar to users of the OmniBox query builder and a more powerful Expert Mode for accessing JSON data, regular expressions, and complex logic. Benefits of the new Search interface, found in the Alert Logic console at 
(navigation menu) > Investigate > Search, include:
- Improved built-in parsing of log messages, including support for JSON data and cloud message formats
- Customized parsing of data using standard regular expressions
- Creation of real-time alerts (correlations) based on search queries
- Creation of nested, logical expressions, such as messages matching one of many conditions
- Tabbed interface to quickly switch between up to 5 active searches
- Built-in data export and sharing tools
- Improved speed and reliability, based on the Alert Logic MDR platform
Saved Views Have Been Migrated
Your existing saved views have been migrated from the Log Messages interface to the new Search interface (pictured below), and they are ready for you to review.
You can begin using the migrated searches right away by navigating to Search > Saved Searches > select the migrated tag within the Filters sidebar. To execute a migrated saved search, click on its corresponding Search (
) icon.
Schedule Enablement for Migrated Searches - December 2, 2021
If you have scheduled execution of some of your saved views, these schedules will be migrated to the new Search interface starting on December 2, 2021. For example, if your Failed Logins saved view is scheduled to run every night, it will continue to run every night in the old interface. However, the saved views will also be available in the new interface starting on December 2. Alert Logic will review the migration status of each active scheduled saved view prior to executing the new saved searches in February.
Previously Scheduled Saved Views Execute in New System - February 2, 2022
Starting on February 2, saved views will be executed using the new system. If you have email notifications set up when the search completes, you will still receive those email notifications. Your scheduled search results will also be available by navigating to Search > Downloads.
Your existing saved views will continue to be available in the Log Messages interface, but their scheduled execution in the Log Messages interface will be disabled on this date.
Log Messages Tab Removal - March 3, 2022
On March 3, 2022, the Log Messages tab will no longer be visible in the Alert Logic console. You can continue to use the new interface to run your saved searches and access the results of scheduled searches. Feel free to modify the migrated saved searches, change their schedules, or remove queries you no longer use.
Access to Existing Scheduled Saved View Results
Existing saved view results will still be visible using the links sent to you via email when the search is completed. These results will be available as normal for your contracted log retention period, which is up to 13 months by default (logs are retained for 12 months and automatically deleted by 13 months).
How can I prepare for this migration?
Review your migrated saved views in the Alert Logic console by accessing Search > Saved Views > select the migrated tag within the Filters sidebar > select the Search icon corresponding to a migrated saved search to load it. You can also access these directly from the Search tab using the Saved Searches quick-view icon, as identified below.
If you use automation to process the results of saved views, you can process the results of a new search by loading the saved search (Search > Saved Views > select the migrated tag within the Filters sidebar > select the Search icon corresponding to a migrated saved search to load it) and executing it. The results can be downloaded and compared with old results or processed again.
Frequently Asked Questions
How do I know if I am affected by this change?
This migration will occur for customers with Cloud Defender or Log Manager entitlements. It does not affect customers subscribed to Alert Logic MDR.
Do I need to do anything if I have no saved searches?
If you have no active saved searches but do use the Log Messages interface, you should review the resources in the Additional Resources section below and begin to use and become familiar with the new Search interface.
How can I find out more about this migration?
If you have questions about the new interface, the migration of your saved views, or how you can take advantage of new features, utilize the Additional Resources section below or open a ticket with Alert Logic Support.
Additional Resources
For more information on new search features, see the following knowledge base articles and documentation:
For more information on scheduled searches and correlation alerts, see the following knowledge base articles and documentation:
- Create and Schedule a Saved Log Search
- Correlations and Notifications
- When should I use a scheduled search or create a correlation alert?
These knowledge base articles will help you learn to use the new search interface and provide in-depth looks at advanced features:
Comments
0 comments
Please sign in to leave a comment.