Search Event Data from Logger

Logger archived events can be viewed and consumed using the same parameters as in regular searches. From the Search page, hunt for ArcSight Logger events by selecting the Logger option from the list box next to the Search button.

Before searching for Logger events from a particular Logger, metadata from that Logger must have already been imported, and at least one data migration from that Logger must have been completed, as described in Importing Event Data From Logger.

Before running a search on the Logger data, review the following considerations:

Search supports only the specific set of operators available in the Search feature
Your searches can include data from Logger storage groups even if the Logger storage groups do not display as part of the ArcSight Database’s configuration.

Select Search > +.
From the list box next to the Search button, select Logger.
Add the required query details.
You must use the search operators supported in ArcSight Platform.
Click Search.

Note: If UTC time wasn't specified in the time range for importing events, you will need to convert the archive UTC timestamp shown in the Import Logger Data tab to your browser time/selected time zone, and enter that value as search time to fetch events from that time range