Forum Discussion

Julian's avatar
2 years ago

How to use the Audit Log Report Search Filter (binar)

I'm not having any luck using the AND, OR, and NOT operators in the Audit Log Report Search Filter.

I am trying to retrieve logs that indicate that alert has been disabled.

I'm able to return results with each of the following queries:
1. *getAlertEnable: update value=false*
2. *disable alerting on this instance*

I would like to OR them, but using the following query doesn't seem to work:
1. *getAlertEnable: update value=false* OR *disable alerting on this instance*

Am I going about this the wrong way?

Any help pointing me to relevant documentation or helping me solve this is greatly appreciated!

Thanks!

3 Replies

  • I'd reach out to support, but i'm pretty sure that level of logic isn't available in the search filters. Otherwise, they wouldn't have made such a big deal about that kind of search capability in LM logs.

  • Hi @Stuart Weenig,

    I appreciate your response. It may be that it's not supported and I will reach out to support.

    I've attached a screenshot below indicating that it should be supported, although there doesn't seem to be documentation detailing how to use it.

  • Sorry, I was thinking of the search box on the audit log page. Yeah, in a report, it should work. I imagine you'd need to surround the individual search terms in quotes with the OR between them:

    "getAlertEnable: update value=false" OR "disable alerting on this instance"