Syslog Search

Use the Syslog Search page to generate searches on specific technical support information that relates to your IdentityIQ installation.

See Syslog Search Criteria.

Note

This tab is used primarily to determine specific support information that SailPoint IdentityIQ support engineers can use for troubleshooting issues.

Search results can be saved as reports to reuse at a later time. When you save a search as a report, you can schedule the search on a continuing basis for monitoring and tracking purposes. See Report Use.

Use Advanced Search to create detailed, multi-layered filters to identify specific populations of users in your enterprise. To create complex queries into your Identity Cubes, you can create multiple filters and then group and layer them using And / Or operations.

See Using Advanced Search Options.

When a previous search is saved to use later, the Saved Searches section displays at the top of the page. A saved search has the following information:

| Field | Description |
| --- | --- |
| Saved Searches: | |
| Search Name | The names of past searches that you saved to reuse at a later time. Click the name of a saved search to view the search results page. These Saved Searches are only available for your use. To make identity searches available to users with Report access, save the search as a report. |
| Loaded Saved Search: | The name and description of your current saved query. |

Syslog Search Criteria

Specify the search criteria and columns to display and click Run Search to display the search results. From the search results page you can review the results of your search and save the search. See Search Results.

The Syslog Search page has the following information:

| Criteria | Description |
| --- | --- |
| Current Search: | |
| Run Search | Run the search with the criteria displayed on the current page. |
| Clear Search | Clear all query options. |
| Syslog Attributes: | |
| Incident Code | The ID associated with the logged exception. If the exception can be viewed in the UI, the ID is at the end of the message. The Incident Code helps help desk personnel locate the exact exception. |
| Server | Name of the server running the code where the exception was encountered. This information is helpful in clustered environments. |
| Level | Indicates the level of the logged exception. SailPoint supports logging WARN, ERROR, and FATAL to the IdentityIQ database. Lower levels are logged using log4j if configured, but are not saved to the Syslog table in the database. |
| Username | User who was performing the action when the exception was encountered and logged. The username can be an individual user or a system. |
| Classname | Class in which the exception was encountered. |
| Message | The message included in the exception. |
| Line | The line of code executed when the exception occurred. |
| Thread Name | The thread of code executed when the exception was encountered. |
| Filter by Date: | |
| Start Date | Include information on events that occurred on or after this date in the search results. You can type the date manually or click the [...] icon to select a date from the calendar. |
| End Date | Include information on events that occurred on or before this date in the search results. You can type the date manually or click the [...] icon to select a date from the calendar. |
| Fields to Display | Specify the information displayed on the Syslog Search Results page associated with this search. Each field defines a column on the results table. You must select at least one field to display on the results page. |