New Log Search

New Log Search is available for Open Preview

The New Log Search experience is now available to all customers as an open preview. You can still use the original Log Search during this open preview. Both the original and New Log Search will exist in parallel until development is complete. For now, review this topic on New Log Search and navigate to the Log Search Open Preview page in InsightIDR to become familiar with the new layout. Check back soon for fully updated documentation.

InsightIDR's new Log Search offers faster load times, smoother navigation, and new search functionality. Based on internal testing, New Log Search is three times faster when loading a selected log set into Log Search, and 50% faster at generating results from a query that leverages the GroupBy function.

Note: Load times and result generation will vary depending on your environment's data volume and composition.

A look into the new user experience

View the annotated image for a quick overview of the changes to the user interface in New Log Search.

Log Search Open Preview labeled overview

Image key

Here's a list of the changes highlighted in the annotated overview image:

  1. Advanced mode only: New Log Search offers the ability to query in Advanced mode only.
  2. Order: You can now order your query results by newest ingestion time first. New Log Search will order your query results by newest ingestion time first by default, and will persist your order selection for future logins.
  3. Run: New Log Search requires you to select Run or press the Return key to run a query.
  4. Quick Data and Analysis tab navigation: You can now quickly switch between your Data and Analysis tabs for fast understanding of your query's results.
  5. Settings: Use the Settings dropdown to select your data view. Table, Condensed, and JSON formats are available.
  6. Export to CSV: Click the arrow to export your log data to CSV.
  7. Context menu: Leverage the context menu in your Results table and Bar chart view for fast query building.
  8. Click-and-drag timeline: Click and drag along your query's timeline to magnify a specific period of your query's time range.
  9. Always-open feedback: Share feedback with the InsightIDR Log Search team anytime.

Export your Log Search data to CSV

You can now download a CSV file of your query results in Log Search Open Preview. The download contains up to 1 million parseable log lines, and will appear in Table View format. Unstructured logs, and any log lines beyond the first 1 million, are excluded from your CSV download.

Only one export for each organization can be processed at a time. You can view your CSV exports and their download status under Settings > Log Search > Exports.

Note: All keys available in your selected log set(s) will be included in your CSV download.

Log Search Open Preview Export to CSV

Customize the view of your query data

In the Settings dropdown of the Data tab, select Edit Keys to modify the log data displayed in Table View, JSON Format, and Condensed Format.

Note: Your selected keys will persist until you change your log set selections in the Log Sources panel.

Log Search Open Preview Edit Keys Modal

Image key

In the Edit Keys modal, you can select and remove keys to best fit your needs.

  1. Available Keys: Includes all of the keys in the log's schema and any keys that are not listed in the log's schema but are referenced in the log data.
  2. Keys List: To view a key in your results, click Select to move it from Available to Selected.
  3. Selected Keys: Includes all of the keys that appear in your original search results. To remove a key from your results and move it from Selected to Available, click Remove.
  4. Add or remove all keys: To move all of the Available keys to your Selected keys, click the right arrow. To move all of your Selected keys back to the list of Available keys, click the left arrow.
  5. Apply or Restore your selections: To apply your selections to your log data, click Apply. To discard your changes and display only the keys that were originally present in your results, click Restore to Default.