Giveaway alert!
This giveaway is now closed.
--
To celebrate the start of 2019 and our improved Log Search functionality, we're giving away Alert Logic swag! All you have to do is explore the improved Log Search and then come back here and tell us what you thought about it. See the full details in our Giveaway: New year, new log search community post. Good luck!
-
Official comment
Bill...
I am John Norden, the Technical Product Manager for Search. Thanks for taking the time to reach out and comment. I am extremely happy to hear that the new search is opening up new possibilities for you. Creating a scheduled search is pretty straightforward. From the Log Search main page, just click "save" once you have a search you like, provide a name, set a schedule, and define whether or not you'd like to receive a notification. If you end up needing help, just reach out to Support and we'll walk you through it!
Thanks again!
-
The Log Search beta allowed me to get much closer to my goal much faster than figuring out the standard alerts. Now all I have to do is find the option to re-run the search on a schedule, email the results, and hopefully filter the results based on the message content. (remove application installs where the vendor is Microsoft)
2 -
Bill - congrats! You've won the Improved Log Search giveaway! Thanks for sharing your thoughts. Be on the lookout for an email from me to collect your details.
1 -
Abby - When should I expect to get this email?
1 -
Hi Bill - thanks for following up. We're very coordinated, because I just sent it your way a bit ago! You can expect to get your swag very soon.
0 -
I have been using Log Search more and more in the past year and have found it to be useful and highly functional; however, there are some shortfalls. The expression builder is a little confusing, and does not include most fields that are included in Windows events. You can still search by field, but you have to know the name of the field you want to search for. It would be easier to search by Windows event ID by default. I've also noticed that some message types for common Windows events are not included in Alert Logic, either for correlations or for auto-fill message type on Log Search. An example of this that I've found is Windows event ID 4624: "An account was successfully logged on". I cannot search by or alert on this message type, which is fairly common.
0 -
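The two feature requests above, searching Windows events by event ID and field name (Kenneth's comment) and dropping results whose message content matches a value (Bill's comment about excluding installs where the vendor is Microsoft), come down to field-level filtering over structured log records. The following is an added example, not Alert Logic code and not Log Search's own query syntax: it parses constructed sample Windows Security events in JSON-lines form, searches them by `EventID` and other named fields, and applies an exclusion filter to the noisy 4624 logon stream. The field names (`EventID`, `TargetUserName`, `LogonType`, `IpAddress`) follow the Windows Security event schema; the event contents and hostnames are made up for the example.

```python
"""Field-level search over Windows Security events (added example, not Alert Logic code)."""
import json
from collections import Counter

# Constructed sample events in JSON-lines form (not real captured data).
# Field names follow the Windows Security event XML; values are made up.
SAMPLE_LOG = """\
{"EventID": 4624, "Computer": "WS01", "TargetUserName": "alice", "LogonType": 2, "IpAddress": "-"}
{"EventID": 4624, "Computer": "WS01", "TargetUserName": "WS01$", "LogonType": 5, "IpAddress": "-"}
{"EventID": 4625, "Computer": "WS01", "TargetUserName": "alice", "LogonType": 3, "IpAddress": "10.0.0.7"}
{"EventID": 4624, "Computer": "SRV02", "TargetUserName": "bob", "LogonType": 10, "IpAddress": "10.0.0.9"}
{"EventID": 4624, "Computer": "SRV02", "TargetUserName": "svc_backup", "LogonType": 3, "IpAddress": "10.0.0.5"}
{"EventID": 4634, "Computer": "SRV02", "TargetUserName": "bob", "LogonType": 10, "IpAddress": "-"}
"""

# Logon type codes as documented for event 4624; only the ones used here.
LOGON_TYPE_NAMES = {2: "Interactive", 3: "Network", 5: "Service", 10: "RemoteInteractive"}


def parse_events(text):
    """Parse JSON-lines into dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a damaged line should not abort the whole search
    return events


def search(events, **criteria):
    """Return events whose fields equal every criterion, e.g. search(events, EventID=4624)."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def exclude(events, field, predicate):
    """Drop events where predicate(field value) is true: the 'remove where vendor is X' style filter."""
    return [e for e in events if not predicate(e.get(field))]


def successful_logons_by_type(events):
    """Count 4624 events per logon type after dropping machine accounts and service logons.

    Machine accounts (names ending in '$') and LogonType 5 (service) are the usual
    sources of 4624 noise, so an alert on 'successful logon' is far more useful once
    they are excluded.
    """
    logons = search(events, EventID=4624)
    logons = exclude(logons, "TargetUserName", lambda u: isinstance(u, str) and u.endswith("$"))
    logons = exclude(logons, "LogonType", lambda t: t == 5)
    return Counter(LOGON_TYPE_NAMES.get(e.get("LogonType"), str(e.get("LogonType"))) for e in logons)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("4624 events:", len(search(evs, EventID=4624)))
    print("remote interactive logons:", [e["TargetUserName"] for e in search(evs, EventID=4624, LogonType=10)])
    print("successful logons by type:", dict(successful_logons_by_type(evs)))
```

Run as a script it prints the 4624 count, the RemoteInteractive (type 10) logons, which are the ones worth a scheduled search with notification, and the per-type summary. The same `search`/`exclude` pair expresses "application installs except where the vendor is Microsoft" by changing the field and predicate.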
Kenneth Mansfield III - thank you for sharing this with us; we truly appreciate your feedback! I'm going to send this up the chain to our Product team and will keep you updated as I hear of log search improvement plans.
I see you've contacted Support regarding your inability to search on the specific message type you've mentioned - I'll keep an eye on that and make sure it's moving in the right direction for you. Please don't hesitate to reach out in the meantime!
0 -
The search function looks good, but to start with it's better to add some standard search queries for the standard logs of FW and AV products, and also if you can represent it pictorially it would be very useful for the analysts.
1 -
Kotresha Megalamane - thank you for your feedback! I'll send the suggestion of including standard search queries up to our Product team for consideration. This may also be something that we, as a documentation team, can address. I agree that photos can be very helpful; our team will make note to include more screenshots of search queries as we continue to create help documentation on Log Search.
- Abby
0
Comments
9 comments