Search Events
Search all events in a repository.
Basic Parameters
| Parameter | Description |
|---|---|
| Query | The query that's used to search for events. For more information about LogScale queries. |
| Repository Name | The name of the repository. |
Advanced Parameters
| Parameter | Description |
|---|---|
| End time | The end time of the query. Date in either unix time or relative time. |
| Start time | The start time of the query. Date in either unix time or relative time. |
| Timezone Offset | Timezone offset in minutes. |
Example Output
[
{
"#type": "string",
"datetime": "string",
"#repo": "string",
"sha256": "string",
"@sourcetype": "string",
"md5": "string",
"#error": "string",
"parentprocess": "string",
"@source": "string",
"@timestamp.nanos": "string",
"@id": "string",
"commandline": "string",
"sha1": "string",
"@ingesttimestamp": "string",
"parentgroup": "string",
"@timestamp": 1713967005914,
"path": "string",
"hostname": "string",
"@error": "string",
"username": "string",
"event": "string",
"execution_type": "string",
"@error_msg[0]": "string",
"@error_msg": "string",
"filename": "string",
"publisher": "string",
"@host": "string",
"@timezone": "string",
"@event_parsed": "string",
"group": "string"
}
]
Workflow Library Example
Search Events with Falcon Logscale and Send Results Via Email
Preview this Workflow on desktop