Find the log information that meet your needs by specifying the search criteria.
Procedure
- In Cloud App Security, go to .
- Select a log type to search.For details about the log types, see Log types.
- Specify search criteria in either of the following
ways.
-
Quickly specify search criteria by using the facets in the left panel.Log facets vary with each log type you select.
Note
A maximum of 10 items can be displayed under most facets, and a maximum of 50 items can be displayed under Virus Name. -
Specify search fields and values in the search bar. This allows you to select one or several fields to query items on a more fine-grained level.Search fields vary with each log type you select.The following rules apply to the search:
-
The NOT logic is not supported.
-
Values are case insensitive.
Note
For detection logs, only the following fields support case-insensitivity: Affected user, Supposed sender, Location, File name, Subject, Sender, Envelope sender, and Recipient. -
Wildcards are not supported.
-
One field can be selected for more than one time and specified with different values as necessary. The items that meet either value will be queried and displayed. When different fields are selected and specified, only the items that meet all the fields will be queried and displayed.
-
Partial matching is supported except for the
Organization
field and time related fields. You can select a field and type the first few letters of a keyword to query.Note
For detection logs, only the following fields support partial matching: Affected user, Supposed sender, Location, File name, Subject, Sender, Envelope sender, and Recipient. -
Only exact matching is supported for the
Organization
field and time-related fields. You need to type the time exactly in theMM DD, YYYY HH:MM
format you see in the corresponding column.This includes Timestamp, Message Arrival Time, and File Modification Time.-
Timestamp: Date and time when Cloud App Security took an action on an email message or file
-
Message Arrival Time: Date and time when an email message was received
-
File Modification Time: Date and time when a file was uploaded or last modified
-
-
The All Fields fields supports querying Timestamp and all the other fields.
-
-
- Specify a time range to search.You can search the email tracking logs in the last 90 days and the other logs in the last 180 days.
- Click Search.