How to use the Audit Log Report Search Filter (binar)

Question

I'm not having any luck using the AND, OR, and NOT operators in the&nbsp;Audit Log Report Search Filter.

I am trying to retrieve logs that indicate that alert has been disabled.

I'm able to return results with each of the following queries:
	1. *getAlertEnable: update value=false*
	2. *disable alerting on this instance*
	I would like to OR them, but using the following query doesn't seem to work:
	1. *getAlertEnable: update value=false* OR *disable alerting on this instance*

Am I going about this the wrong way?

Any help pointing me to relevant documentation or helping me solve this is greatly appreciated!

Thanks!

anonymous · Answer

I'd reach out to support, but i'm pretty sure that level of logic isn't available in the search filters. Otherwise, they wouldn't have made such a big deal about that kind of search capability in LM logs.

julian · Answer

Hi @Stuart Weenig,

I appreciate your response. It may be that it's not supported and I will reach out to support.

I've attached a screenshot below indicating that it should be supported, although there doesn't seem to be documentation detailing how to use it.

anonymous · Answer

Sorry, I was thinking of the search box on the audit log page. Yeah, in a report, it should work. I imagine you'd need to surround the individual search terms in quotes with the OR between them:

"getAlertEnable: update value=false" OR "disable alerting on this instance"

Forum Discussion

How to use the Audit Log Report Search Filter (binar)

3 Replies

Recent Discussions

Dark Theme?

No instances on API response

exception:groovy.lang.MissingMethodException: No signature of method:

ServiceNow Integration - Auto closing alerts

Could you please guide me on how I can manage the usage of LM logs?