When viewing system events under alerts, you can use the keywords in this section to search and filter.
Note that event records are retained for one year.
Use the syntax
action:<text> to search by the action which caused the event.
The timestamp fields
created_at can be searched using the syntax
created_at:<term>. The term supports the standard runZero time comparison syntax.
The details in the event record can be searched using the syntax
details:<text>. This can be useful for searching for IP addresses.
Source and target name
The source (src) column can be searched using the syntax
source:<text>. The target (tgt) column can be searched using
Source and target type
The source type (shown at the start of the src column) can be searched using the syntax
Similarly, the target type can be searched using
Organization, site, source and target IDs
The IDs of organizations, sites, sources and targets mentioned in event details can be searched using the following search terms:
The IDs are unique and are written as UUIDs.