How to use the Audit Log Report Search Filter (binar)

  • 9 December 2022
  • 3 replies

I'm not having any luck using the AND, OR, and NOT operators in the Audit Log Report Search Filter.

I am trying to retrieve logs that indicate that alert has been disabled.

I'm able to return results with each of the following queries:
1. *getAlertEnable: update value=false*
2. *disable alerting on this instance*

I would like to OR them, but using the following query doesn't seem to work:
1. *getAlertEnable: update value=false* OR *disable alerting on this instance*

Am I going about this the wrong way?

Any help pointing me to relevant documentation or helping me solve this is greatly appreciated!


3 replies

Userlevel 7
Badge +17

I'd reach out to support, but i'm pretty sure that level of logic isn't available in the search filters. Otherwise, they wouldn't have made such a big deal about that kind of search capability in LM logs.

Hi @Stuart Weenig,

I appreciate your response. It may be that it's not supported and I will reach out to support.

I've attached a screenshot below indicating that it should be supported, although there doesn't seem to be documentation detailing how to use it.

Userlevel 7
Badge +17

Sorry, I was thinking of the search box on the audit log page. Yeah, in a report, it should work. I imagine you'd need to surround the individual search terms in quotes with the OR between them:

"getAlertEnable: update value=false" OR "disable alerting on this instance"