Documentation forSecurity Event Manager

Search and filter historical event logs

The SEM Events Console includes an advanced search capability to access your aggregated event logs based on existing Live Mode filter values and a specified time range. To set your search parameters, click Historical Search, enter a specific keyword, and then open the custom time picker to set your time frame. You can further refine your search by changing the keyword in the search field.

  1. In the SEM Events Console Live Filter field, enter one or more keywords, and then click Historical Search.

  2. When you click Historical Search, the search is initiated with the most recent filter values used in Live Mode. Changing the selection in the Filters cancels the search and returns to Live Mode.

  1. To set your time range, select a quick pick option, or use the custom time picker.

    In the search field, you can also modify your keywords.

  2. Click Search. The records display based on the search keyword and selected time range.

    To modify the historical search parameters, click the current filter values.

  3. To return to Live Mode, click the toggle button. The live event stream resumes using the last search filter you applied.