Initiate a search for logs or events and retrieve a task ID that can be used in the Get Search Results action to retrieve the search results.
External Documentation: To learn more, visit the LogRhythm documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Maximum Messages To Index | The number of results to be indexed. |
| Query Event Manager | Select to search events or logs. |
| Query Log Sources | A comma-separated list of message source IDs to filter results by. |
| Query Timeout | The time interval after which the search times out. |
| Search Mode | The grouping and sort order. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Date Criteria Last Interval Value | The numeric amount for the selected time unit. |
| End Date | The end of the timeframe to search results from. |
| Filter - Field Operator | The condition to apply among the field filters. |
| Filter - Group Operator | The operator to be applied among multiple filter groups. |
| Filter - Items | The items to filter by. For more information about using this parameter, refer to LogRhythm's documentation. |
| Filter - Message Filter Type | The format of the search results. |
| Filter - Mode | Select whether to filter in or filter out the results. |
| Filter - Type | The type of the filter. |
| Last Interval Unit | The time unit used to define the search period. |
| Log Source IDs | A comma-separated list of log source IDs to filter results by. |
| Start Date | The start of the timeframe to search results from. |
| Use Inserted Date | Choose whether to filter the results by time, or leave both options unselected to disable time filtering. |

Example Output

{
	"taksId": 0,
	"taskStatus": "string",
	"responseMessage": "string",
	"statusMessage": "string",
	"statusCode": 0
}

Workflow Library Example

Initiate Search with Logrhythm and Send Results Via Email