Skip to main content

Hi Team, 

How do I comment something (text or numbers or both) in the raw log search/scan in chronicle SIEM?
for example.

INC897 (This is incident number which should be commented out)

192.76.0.2(my search query)

in UDM search, it can be done using //INC897, however, im not sure how to achieve this in raw log search. please assist me on this.

Thanks

I don't believe this is supported in raw log scan today. It will be supported in raw log search. This is on the roadmap, but not yet GA - https://cloud.google.com/chronicle/docs/preview/search/raw-log-search-in-investigate

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.