When you want to analyze events matching specific criteria, include them in a report, or forward them to another system such as ArcSight ESM, you need to search for them. To search for events, you create queries. The queries you create can vary in complexity based on your needs. Queries can be simple search terms, or they can be complex enough to match events that include multiple IP addresses or ports and that occurred within specific time ranges in a specific storage group.
The following topics describe how to search for specific events in Logger using the search pages. They discuss the methods available for search, how to query for events, and how to save a defined query and the events that the query finds for future use. They also describe how to set up alerts to notify particular users when Logger receives events that match specified criteria.