Using Labels to Query Logs

Use labels when querying logs to return only data from endpoints that have been assigned the specified labels.

  1. Go to Detections > Logs > Log Query.

    The Log Query screen appears.

  2. Select a log type.
  3. Click the second drop-down control.
  4. Select Labels / Tags / Filters.
  5. Click OK to apply the selected labels.
  6. Select a time period from the Time drop-down control.
  7. Click Search.