Versions Compared

Version Old Version 2 New Version Current
Changes made by

Former user

Benjamin.Walther

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Methods of Searching

Find examples and basic search fields via ArcSight Logger - Commonly Used Event Fields

Basic Search

Analyze > Search

...

A filter is a subset of the saved search, and is the "wussier" version of a "saved search"

Downloading Finished Saved Searches

  1. Click on the Configuration Tab.
  2. Select the 'Saved Search' link on the left hand toolbar.
  3. Click on the "Saved Search Files (logger)" internal tab.
  4. Find your saved search and click on the name to download the CSV file.

Advanced Usage

ArcSight provides documentation on writing queries, including regex's, within the internal documentation available here:

https://logger1.uit.tufts.edu/logger/help/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Admin-Finding_AUSM.07.04.html#1080215

FAQ

What does the Star icon do?

It's the "search analyzer." It examines your query to see if it is optimized (ie. will it run fast?). An optimized query will use indexed columns for searching.

How do I reduce the number of result columns I get?

Use fieldsets. You can select what you want with "Fields: ..."

As an example, try the "DMCA_1" fieldset. Or click customize... to define your own.