The View module provides real-time and historical access to all audit log data collected by LT Auditor MP. It is the primary tool for investigating suspicious activity, verifying that expected events are being captured, and exporting log data for further analysis or incident documentation.
Accessing the View module:
- In the main navigation menu, click View
- Select a saved view from the list, or create a new one
- The log table displays audit records matching your current filters and date range
Creating a new view:
If no saved views exist yet, or you need a view tailored to a specific purpose:
- Click Create View
- Configure the view settings:
  - View Name: a descriptive name for the view
  - Description: the purpose of this view
  - Environment: the monitored environment to display logs from
  - Category: the log category to focus on
  - Default Date Range: the initial date range shown when the view is opened
- Navigate to the Columns tab and select which fields to display:
  - Drag columns to reorder them
  - Set column widths for optimal display
  - Enable sorting and filtering per column
- Click Save
Filtering events:
Quick filters:
- Use the filter bar at the top of the view
- Enter search terms in the quick search box
- Select filter criteria from the available dropdown menus
- Results update in real time as you type
Advanced filters:
- Click Advanced Filters
- Add one or more filter conditions:
  - Select a field from the log schema (e.g., User, Event Type, Severity)
  - Choose an operator (e.g., Equals, Contains, Starts With, Greater Than, Is Null)
  - Enter a comparison value
- Combine conditions using AND/OR logic:
  - AND: all conditions must match
  - OR: any condition must match
  - Nest condition groups for complex logic (e.g., (A OR B) AND (C OR D))
- Click Apply Filters
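
How grouping changes which records an advanced filter returns, as an added Python model (not LT Auditor MP code). The field and operator names come from the list above; the record values, the case-insensitive matching, and the AND-before-OR reading of the ungrouped form are assumptions made for illustration.

```python
# Operator names are from the page; the semantics below are assumptions.
OPS = {
    "Equals":       lambda v, x: v == x,
    "Contains":     lambda v, x: v is not None and str(x).lower() in str(v).lower(),
    "Starts With":  lambda v, x: v is not None and str(v).lower().startswith(str(x).lower()),
    "Greater Than": lambda v, x: v is not None and v > x,
    "Is Null":      lambda v, x: v is None or v == "",
}

def matches(node, record):
    """Evaluate a single condition or a nested AND/OR group against one record."""
    if "logic" in node:  # group node: recurse into its children
        results = (matches(child, record) for child in node["conditions"])
        return all(results) if node["logic"] == "AND" else any(results)
    return OPS[node["op"]](record.get(node["field"]), node.get("value"))

def cond(field, op, value=None):
    return {"field": field, "op": op, "value": value}

def group(logic, *conditions):
    return {"logic": logic, "conditions": list(conditions)}

A = cond("User", "Starts With", "admin")
B = cond("User", "Is Null")
C = cond("Event Type", "Contains", "logon failed")
D = cond("Severity", "Greater Than", 7)

# (A OR B) AND (C OR D): privileged or unattributed actor AND a notable event
NESTED = group("AND", group("OR", A, B), group("OR", C, D))
# Same four conditions without grouping, read as A OR (B AND C) OR D
FLAT = group("OR", A, group("AND", B, C), D)

RECORDS = [  # constructed sample audit records
    {"User": "admin-jsmith", "Event Type": "Logon Failed", "Severity": 5},
    {"User": "admin-jsmith", "Event Type": "File Read", "Severity": 3},
    {"User": None, "Event Type": "Policy Changed", "Severity": 9},
    {"User": "svc-backup", "Event Type": "Logon Failed", "Severity": 8},
]

def select(filter_tree, records):
    """Return the indexes of the records the filter tree matches."""
    return [i for i, r in enumerate(records) if matches(filter_tree, r)]

if __name__ == "__main__":
    print("nested:", select(NESTED, RECORDS))
    print("flat:  ", select(FLAT, RECORDS))
```

The nested filter keeps only records 0 and 2, while the ungrouped reading returns all four, so confirm the grouping in the filter builder before relying on a view for an investigation.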
Date range filter:
- Use the date range picker at the top of the view
- Choose from:
  - Quick ranges: Today, Yesterday, Last 7 Days, Last 30 Days, etc.
  - Custom range: specific start and end dates
  - Relative range: dynamic ranges that update automatically (e.g., Previous Month)
- The log table refreshes automatically when the date range is changed
Searching log data:
Perform full-text searches across all collected log data:
- Enter search terms in the search box
- Choose the search scope:
  - All Fields: searches across every field in the log schema
  - Specific Field: searches within a single selected field
- Use search operators for more precise results:
| Operator | Usage | Example |
| --- | --- | --- |
| AND | Both terms must appear | login AND failed |
| OR | Either term must appear | login OR logon |
| NOT | Exclude a term | login NOT success |
| Exact phrase | Match exact wording | “account locked” |
| Wildcard | Match partial terms | admin* |
- Press Enter or click Search
Sorting and navigating results:
- Click any column header to sort by that field
- Click again to reverse the sort direction
- Hold Shift and click multiple column headers for multi-level sorting
- Use the page size selector to control how many records display per page (20, 50, 100, or 200)
- Use Previous and Next to navigate between pages
Viewing full event details:
- Click on any log row in the table
- A detail panel opens showing:
  - All Fields: complete field values for the event
  - Raw Log: the original unprocessed log entry
  - Metadata: timestamp, source, and receiver information
  - Related Logs: links to related audit events
- Click Close to return to the table view
Exporting log data:
- Apply your desired filters and date range
- Click the Export button
- Choose an export format:
  - CSV: for use in Excel or data analysis tools
  - Excel: native Excel format with formatting applied
  - PDF: formatted document suitable for printing or sharing
- Configure export options:
  - All Columns or Visible Columns Only
  - Include or exclude column headers
  - Set a maximum record limit if needed
- Click Download
For very large exports, the system may queue the export and deliver it via email when complete. For datasets that regularly require large exports, consider scheduling a report instead.
Saving and sharing views:
- Click Save at any time to save your current filter and column configuration as a named view
- Click Duplicate View to create a copy of an existing view as a starting point for a new one
- Click Share to share a view with other users or roles, with either View Only or Edit permissions
- Click the Star icon on any view to add it to your favorites for quick access
Auto-refreshing views:
For real-time monitoring, enable auto-refresh to keep the view updated automatically:
- Click the Auto-Refresh control
- Select a refresh interval: 5s, 10s, 30s, or 1 minute
- The view will reload at the selected interval
Use auto-refresh cautiously with large datasets or broad date ranges, as frequent reloads can impact performance.
Best practices:
- Set a reasonable default date range on saved views to avoid loading excessive data on open
- Display only the columns you need for faster load times
- Use named, saved views for recurring investigation tasks rather than rebuilding filters each time
- For large-scale data analysis, schedule a report rather than exporting directly from a view
- Use descriptive view names so other team members can understand the purpose at a glance
[Your administrator should create and share a set of standard views for common investigation scenarios so the team has a consistent starting point.]