Cloud Security Plus enables you to search the log data collected from your cloud account.

Steps to perform a search:

  1. From the drop-down list, choose the cloud account whose logs you wish to search.
  2. Select the specific time period.
  3. In the provided space, enter the search term.
  4. Click on “Search.

Search terms:

  1. Specific field search: Type the field name followed by = and then the term you are looking for. Example: eventName = ConsoleLogin
  2. Multiple character wildcard search: Use the " * " symbol. Example: To list all the "describe" events, enter eventName = Describe*
  3. hrase searches: Enclose the phrase in double quotes.
  4. Boolean searches: Use the operators AND, OR, NOT. Example: To list all the successful events enter NOT errorCode = null
  5. Grouped searches: To list all the successful update events enter NOT errorCode = null AND (eventName = add* OR eventName = put* OR eventName = update*)
  6. Range searches: Search for a range of values using square brackets. Example: bytesSent = [ 2000 TO 3000 ] will return all the logs (S3 server access) with 'Bytes sent' between 2000 and 3000.