Chronicle SIEM raw log search

Question

Hi Team, 
How do I comment something (text or numbers or both) in the raw log search/scan in chronicle SIEM?for example.
INC897 (This is incident number which should be commented out)
192.76.0.2(my search query)
in UDM search, it can be done using //INC897, however, im not sure how to achieve this in raw log search. please assist me on this.
Thanks

cmorris · Accepted Answer

I don't believe this is supported in raw log scan today. It will be supported in raw log search. This is on the roadmap, but not yet GA - https://cloud.google.com/chronicle/docs/preview/search/raw-log-search-in-investigate

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded