Interact with Query Results

Learn how to interact with query results.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (PAN-OS or Panorama Managed)
  • NGFW (Managed by Strata Cloud Manager)
  • Strata Logging Service
After you create the filter to display the set of logs that you're interested in, you can choose to do the following:

Save Filters

After you create the filter to display the set of logs that you're interested in, you can choose to save the filter to use later or to share with other users.
  1. Select and enter a query in the query field.
  2. (Optional) Name the filter.
    The default name is New Filter <date time>.
  3. Save the filter.
  4. After saving the query, click to view, execute, edit, delete, or share it (Share Copy Link) with other users.
    The user must have access to the same Strata Logging Service tenant and the necessary permissions to view logs.

Configure Log Table

By default, the log table shows you a subset of the fields on the log record. These are shown in the order that they appear on the log record. The exception is the pinned field, which is shown as the first column in the table, and is by default the record's Time Generated field.
You can change the fields that are displayed in the log table, their order, and which fields are pinned.
  • To pin the column, click on the menu control in any table column header. In the resulting pop-up, you can configure your table settings. Use Pin Column to control whether the current column is pinned.
  • Identify which fields appear in the log viewer table. Use the Search field to quickly find a specific field. Fields that are checked will appear in the log viewer table.
  • Click and drag on any column header to reorder the table columns.

Save Preferences

You can configure preferences, such as time zone and Cloud Identity Engine (CIE) instance, and save these preferences in named profiles. Profiles also save the columns you’ve chosen to display in the order that you have arranged them, and they retain any queries you’ve saved.
  1. Select > + New Profile.
  2. Enter a profile name.
  3. Select an existing profile on which to base your new profile.
    Selecting Default begins your profile with the preferences that were set when you first installed the app.
  4. Save the profile.
    Any preferences you change will automatically save to the currently selected profile.

Export Log Records

Once you have retrieved log records, you can export them to a compressed CSV file in GZ format. No matter which time zone you selected, exported logs will always display UTC time.
Exports are limited to a maximum of 1.5 million rows of data, provided the export does not exceed 1 GB of total data. If the export exceeds 1 GB, try refining your query to return fewer than 1.5 million rows.
Click Export to start exporting the log records. After a short period of time (which depends on how many records you are exporting), Export will turn into Download.
Click Download and the GZ file will appear in your downloads folder. Use file decompression software to extract the CSV file(s).
The columns in the CSV file are organized under the field names you use in queries, not the column headers in the Explore UI. For example, the DESTINATION USER column in the UI appears as dest_user in the CSV file.
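The following added example, which is not part of the original page or the product, streams a downloaded GZ export, tallies the dest_user column by its CSV field name, and flags an export that reached the 1.5 million row limit. The UTF-8 encoding, the sample_col column, and the sample rows are assumptions constructed for illustration.

```python
import csv
import gzip
import io
from collections import Counter

MAX_EXPORT_ROWS = 1_500_000  # row limit stated for exports


def summarize_export(source, field="dest_user", row_cap=MAX_EXPORT_ROWS):
    """Stream a gzipped CSV export and tally one column.

    source: path or binary file object of the downloaded GZ file.
    field:  CSV column name, i.e. the query field name, not the UI header.
    """
    counts = Counter()
    rows = 0
    # UTF-8 is an assumption about the export's encoding.
    with gzip.open(source, "rt", encoding="utf-8", newline="") as fh:
        reader = csv.DictReader(fh)
        header = reader.fieldnames or []
        if field not in header:
            # Typical cause: a UI header such as "DESTINATION USER" was used.
            raise KeyError(f"{field!r} not in CSV header {header}")
        for row in reader:
            rows += 1
            counts[row[field] or "(empty)"] += 1
    return {
        "rows": rows,
        "counts": counts,
        # At the cap the result set may be incomplete: narrow the query.
        "at_row_cap": rows >= row_cap,
    }


def build_sample_export():
    """Constructed sample: gzip-compressed CSV held in memory."""
    text = (
        "sample_col,dest_user\r\n"      # sample_col is a made-up column
        "r1,corp\\alice\r\n"
        "r2,corp\\bob\r\n"
        "r3,corp\\alice\r\n"
        "r4,\r\n"
    )
    return io.BytesIO(gzip.compress(text.encode("utf-8")))


if __name__ == "__main__":
    result = summarize_export(build_sample_export())
    print(result["rows"], result["counts"].most_common())
```

Pass the path of the downloaded GZ file as source to run it on a real export; timestamps in the file are UTC regardless of the time zone selected in the UI.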

View Log Details

You can modify the log record summary table so that only some log fields are shown in it. If you want to see a log record in its entirety, click :
The Log Details window shows you the entire log record, with individual log fields placed into logical groupings. If the firewall generated other logs for the same session as the one you are viewing, you will see a list of those logs. Select one of the logs to view its details.
