
Giveaway alert!

Comments

9 comments

  • Official comment
    John Norden

    Bill...

    I am John Norden, the Technical Product Manager for Search. Thanks for taking the time to reach out and comment. I am extremely happy to hear that the new search is opening up new possibilities for you. Creating a scheduled search is pretty straightforward. From the Log Search main page, just click "save" once you have a search you like and provide a name, set a schedule and define whether or not you'd like to receive a notification. If you end up needing help, just reach out to Support and we'll walk you through it!

    Thanks again!

  • Bill Phillips

    The Log Search beta allowed me to get much closer to my goal much faster than figuring out the standard alerts. Now all I have to do is find the option to re-run the search on a schedule, email the results, and hopefully filter the results based on the message content. (remove application installs where the vendor is Microsoft)

  • Abby Kincer

    Bill - congrats! You've won the Improved Log Search giveaway! Thanks for sharing your thoughts. Be on the lookout for an email from me to collect your details.

  • Bill Phillips

    Abby - When should I expect to get this email?

  • Abby Kincer

    Hi Bill - thanks for following up. We're very coordinated, because I just sent it your way a bit ago! You can expect to get your swag very soon.

  • Kenneth Mansfield III

    I have been using Log Search more and more in the past year and have found it to be useful and highly functional; however, there are some shortfalls. The expression builder is a little confusing, and does not include most fields that are included in Windows events. You can still search by field, but you have to know the name of the field you want to search for. It would be easier to search by Windows event ID by default. I've also noticed that some message types for common Windows events are not included in Alert Logic, either for correlations or for auto-fill message type on Log Search. An example of this that I've found is Windows event ID 4624: "An account was successfully logged on". I cannot search by or alert on this message type, which is fairly common.

  • Abby Kincer

    Kenneth Mansfield III - thank you for sharing this with us; we truly appreciate your feedback! I'm going to send this up the chain to our Product team and will keep you updated as I hear of log search improvement plans.

    I see you've contacted Support regarding your inability to search on the specific message type you've mentioned - I'll keep an eye on that and make sure it's moving in the right direction for you. Please don't hesitate to reach out in the meantime!

  • Kotresha Megalamane

    The search function looks good, but to start with it's better to add some standard search queries for the standard logs of FW and AV products, and also if you are able to represent them pictorially it would be very useful for the analysts.

  • Abby Kincer

    Kotresha Megalamane - thank you for your feedback! I'll send the suggestion of including standard search queries up to our Product team for consideration. This may also be something that we, as a documentation team, can address. I agree that photos can be very helpful; our team will make note to include more screenshots of search queries as we continue to create help documentation on Log Search.

    - Abby
