Documentation forSecurity Event Manager

Search raw log messages using nDepth search in SEM

If the nDepth log retention option is enabled, you can use nDepth to view and search your original, non-normalized log messages on the SEM Console. For details, see About raw log retention.

To view and search original log messages using nDepth

  1. Open the SEM legacy Flash console. See Log in to the SEM web console for steps.

    Log in as an administrator or an auditor.

  2. On the SEM menu bar, navigate to Explore > nDepth.

  3. On the far right of the search box, move the switch from Events to Log Messages.

    This switch only appears if SEM is configured to store original log messages.

  4. Construct an nDepth search as you would for normalized alerts:

    • Drag Refine Fields components into the search box.

    • Switch the search method from Drag & Drop Mode to Text Input Mode on the left of the search box, and then enter your search conditions in plain text.

    See Search normalized data using nDepth search in SEM for help.

  5. Click Search.