Search Event Data from Logger

You can search Logger archived events using the same parameters as in regular searches.

Before running a search on the Logger data, review the following considerations:

The query uses only the specific set of operators available in the Search feature. If you are used to the query format in Logger, we recommend that you review the query functionality in Search.
Your searches can include data from Logger storage groups even if the Logger storage groups do not display as part of the ArcSight Database’s configuration.
Before searching for Logger events from a particular Logger, metadata from that Logger must have already been imported, and at least one data migration from that Logger must have been completed.

Select Search > +.
From the list box next to the Search button, select Logger.
Add the required query details.

You must use the search operators supported in ArcSight Platform.
Click Search.

Note: If UTC time wasn't specified in the time range for importing events, you will need to convert the archive UTC timestamp shown in the Import Logger Data tab to your browser time/selected time zone, and enter that value as search time to fetch events from that time range.