The Event Search view shows the endpoint event data based on the currently selected filtering rules.
Note: To change which columns are visible in the Event Search view, use the Visible columns menu, or open the event details and select the option to add the new column to the table.
To search for events:
- Select the Event Search tab.
The Event Search view shows you a list of events that are found with the currently selected filter view.
Note: The system default filter view may have no events to display.
- In the Organization field, select the organization that you want to search.
- In the Created Estimate field, choose the time period that you want to search. The filtered results will show only events that were created during the selected time frame.
Note: To search for events from specific dates, select the Custom option from the drop-down menu and then enter dates in the Absolute field.
- Filter events based on, for example, the event type, operating system, or device name.
- In Filter, first select the filter to use and then enter the filter value.
With some filters, select whether you want to see events that contain the filter value, match it exactly, or do not contain it.
- Select Add to add the new filter.
Add as many filters as you need to refine your search.
- In the Search events field, enter a text string that should be found in the event.
For example, you can search for processes or specific command-line arguments.
- In the filtered results table, use the down arrow icons to expand event entries and view detailed information about a specific event.