Search raw log messages using nDepth search in LEM

If the nDepth log retention option is enabled, you can use nDepth to view and search your original, non-normalized log messages in the LEM console. For details, see About nDepth log retention.

To view and search original log messages using nDepth:

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

    Log in as an administrator or an auditor.

  2. On the LEM toolbar, navigate to Explore > nDepth.

  3. On the far right of the search box, move the switch from Events to Log Messages.

    This switch appears only if LEM is configured to store original log messages.

  4. Construct an nDepth search as you would for normalized alerts, using either of the following methods:

    • Drag Refine Fields components into the search box.

    • On the left of the search box, switch the search method from Drag & Drop Mode to Text Input Mode, and then enter your search conditions in plain text.

    See Search normalized data using nDepth search in LEM for help.

  5. Click Search.