Use the Log Query screen to query Apex Central generated logs and log data from registered managed products. You can also narrow the search results by using advanced custom filters, export the search results in XML or CSV format, or save and share the log query search criteria with other Apex Central administrators.
Apex Central also allows you to perform a log query from the Product Directory screen.
For details, see Querying Logs from the Product Directory.
The Log Query screen appears.
Log types correspond to specific data views used in Apex Central reports.
For more information about log types and data views, see Log Names and Data Views.
Directory: Allows you to locate and select managed products from the Product Directory structure
Type: Allows you to choose a product type and select from a list of all registered managed products of the same type
Tags and filters: Allows you to select custom tags, filters, or important labels from the User/Endpoint Directory to query specific endpoints
You can select up to 10 custom tags, filters, or important labels to perform a log query.
Custom filters that contain Compliance, Important, Threat Type, Security Threat, or Threat Status Criteria information cannot be used to perform a log query.
All of the criteria: Data must match all the specified criteria
Any of the criteria: Data can match any of the specified criteria
The data columns in the Select criteria... drop-down list dynamically change based on the log type you select in the first drop-down control.
For more information about the data columns, see Log Names and Data Views and refer to the corresponding data view details.
The filtering criteria that appear in the second and third drop-down lists dynamically change based on the data column you select.
Apex Central supports up to 20 custom filtering criteria for each log query.
The search results appear in the table on the Log Query screen.
The Generated column displays the local date and time on the endpoint for when the managed product first detected the threat.
The Received column displays the local date and time on the Apex Central server for when the Apex Central server received the data from the managed product server.
Click Customize Columns to add or remove columns that display in the table.
Rearrange the order in which the columns display by dragging the column headings.
The Log Query Exporting page screen appears.
Saving a log query only saves the search criteria for the query. To save log query search results, export the results or create a report using a grid table.
For more information about creating reports, see Reports.
Saved queries are automatically visible to all users from the same Active Directory group.
A gray user icon next to a saved query indicates a log query shared by a user from outside your Active Directory group. Hover over the icon to view the name of the user who shared the query.
After saving a log query, you can click the saved queries button to view a list of saved queries and perform the following actions.
Click the name of a saved query to run the log query.
Click the share icon next to a saved query name to share the log query with all Apex Central users.
Click the stop sharing icon next to a saved query name to stop sharing the log query with all Apex Central users.
Click the delete icon to remove the saved query.
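Because the Generated column uses the endpoint's local clock and the Received column uses the Apex Central server's local clock, the two values are only comparable after both are normalized to UTC. The following added example (not Trend Micro code) reads a constructed CSV export and flags records that arrived late or that show endpoint clock skew; the Endpoint column, the timestamp format, and the UTC offsets are assumptions, and only the Generated and Received column names come from this page.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. Only the "Generated" and "Received" column names
# come from the page; "Endpoint" and the timestamp layout are assumptions.
SAMPLE_CSV = """Endpoint,Generated,Received
WS-001,2024-05-01 09:00:00,2024-05-01 09:02:30
WS-002,2024-05-01 17:00:00,2024-05-01 09:03:00
WS-003,2024-05-01 09:00:00,2024-05-01 15:30:00
WS-004,2024-05-01 09:10:00,2024-05-01 09:04:00
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"      # assumed export timestamp format
SERVER_UTC_OFFSET = 0                # hours; assumed server time zone
ENDPOINT_UTC_OFFSET = {"WS-002": 8}  # hours; unlisted endpoints share the server's offset

def to_utc(text, offset_hours):
    # Attach the known local offset, then convert to UTC.
    tz = timezone(timedelta(hours=offset_hours))
    return datetime.strptime(text, TS_FORMAT).replace(tzinfo=tz).astimezone(timezone.utc)

def delivery_lags(csv_text, max_lag=timedelta(hours=1)):
    # Returns (endpoint, lag, status) for each exported row.
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ep = row["Endpoint"]
        generated = to_utc(row["Generated"], ENDPOINT_UTC_OFFSET.get(ep, SERVER_UTC_OFFSET))
        received = to_utc(row["Received"], SERVER_UTC_OFFSET)
        lag = received - generated
        if lag < timedelta(0):
            status = "clock_skew"   # received before generated: endpoint clock is off
        elif lag > max_lag:
            status = "delayed"      # detection reached the server late
        else:
            status = "ok"
        findings.append((ep, lag, status))
    return findings

if __name__ == "__main__":
    for ep, lag, status in delivery_lags(SAMPLE_CSV):
        print(f"{ep}: lag_seconds={lag.total_seconds():.0f} status={status}")
```

WS-002 would look like it was received almost eight hours before it was generated if the raw column values were subtracted directly; with its offset applied, the lag is three minutes.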