Search Event Data from Logger
Logger archive data can be viewed and consumed using the same parameters as in regular searches. From the page, hunt for ArcSight Logger events by selecting the Logger option from the list box next to the Search button.
Before you can search Logger events, the data must be imported into the ArcSight Database; otherwise, the Logger option is not displayed on the page. The import process might require several imports from several Loggers.
Before running a search on the Logger data, review the following considerations:
- Search supports only Recon’s specific set of operators.
- Your searches can include data from Logger’s storage groups even if the Logger storage groups do not display as part of Recon’s configuration.
If Recon and Logger are set to the same timezone, there should be no discrepancy when searching the Logger data.
- Select > .
- From the list box next to the Search button, select Logger.
- Add the required query details.
You must use the search operators supported in ArcSight Platform.
- Click .