
Logs & Findings

The Findings page helps you view the detailed event logs of AI usage and detections in your enterprise. You can filter the data by time range, attributes, and detection categories to focus on specific activity.

Filters defined on the Findings page that use supported attributes also apply to the Visibility page. This helps you correlate specific events and detections with visualized data flows.

Time-series chart

At the top of the page, below the filters, a time-series chart shows activity over time. Hover over any data point to view counts for the selected time interval. The data is grouped by the attributes selected on the Visibility page.

Logs table

The logs table displays events with columns for each attribute in an event log.

  • At the top of the table, select how many entries to display and how many rows to show per page.
  • Click the ⚙️ icon in the top-right corner to add or remove columns.
  • Click a column header to sort by that attribute. An arrow icon shows the sort order (ascending or descending).
  • Drag the right edge of a column header to resize columns.
  • At the table bottom, use the pagination controls to navigate between pages.
  • Hover over table cells to view additional details, such as a status summary or a breakdown by detection type.

Log details

Click a row in the logs table to view full details for an event. The row expands to show all event attributes, including those not visible in the table.

If a field (such as Guard Input or Findings) contains JSON data, the interface displays it as an interactive JSON tree.

Filters

You can limit the data shown on the Findings page using filters.

You can filter by these dimensions:

  • Detections - Show only events that triggered detections defined in collector policies.
  • Time range - Show events within a specific time window.
  • Attribute values - Show events matching specific attributes, such as a particular user, application, or other AIDR entity of interest.

Filtering criteria can combine multiple dimensions. For example: "Show me all events from the last 7 days that triggered a detection and involved a specific user." Submit this query using the search bar:

  1. Select Last 7 Days in the date range dropdown.
  2. Click DETECTIONS.
  3. Type in user, then select user_id contains, and add jeffrey to search for a user with this value in their ID.

You can save the filters you define and reuse them later by clicking the save icon (floppy disk).

Tip: Filters applied on the Findings page also affect the Visibility page, helping you correlate specific events and detections with visualized data flows.

Quick filters

You can quickly apply filters by clicking these elements on the Findings page:

  • DETECTIONS (button) - Limit the data to events that triggered a detection defined in your policies. Click ACTIVITY to remove this filter and return to the full event view.
  • Date range dropdown - Select a predefined time range from the dropdown next to the search bar. You can also use Set custom range to define and apply your own interval.

Use the search bar at the top of the page to create filters with specific attributes and operators. When you place your cursor in the field, a dropdown shows the available options. Select an attribute and operator, enter a value to match, and press Enter to apply the condition.

On the Findings page, you can type expressions that use OR logic within a condition, while multiple conditions are combined with AND logic.

Table filters

Using the controls in the logs table, you can:

  • Open a dialog to search by attribute values.
  • Apply a time range filter directly from a timestamp in an event.

Filter by attributes

To open the attribute filter dialog, click the funnel icon in a column header. You may need to drag the right edge of the column to reveal it.

In the dialog, you can build and apply a conditional expression using available attributes, connected with AND or OR logic.

Apply time range

You can apply a time range filter directly from the log table. Hover over a timestamp in a result row or in the expanded details view, then click the icon next to it to filter by that exact date or set it as the upper or lower limit of your range.

Filtered views

You can add multiple conditions combined with AND logic. Each condition is cumulative, helping you drill down into specific subsets of your data. On the Findings page, conditions can also be expressions that use OR logic.
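The filter semantics described above, reproduced offline as an added example (not CrowdStrike code): conditions are combined with AND, alternatives inside one condition with OR, and the walkthrough query (last 7 days, detections only, user_id contains jeffrey) is run over constructed events. Every field name except user_id, the equals operator, and the case-sensitive substring match are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events. Only user_id appears on the page; the other
# field names (event_id, timestamp, detections) are hypothetical.
NOW = datetime(2025, 6, 15, 12, 0, tzinfo=timezone.utc)
EVENTS = [
    {"event_id": 1, "timestamp": "2025-06-14T09:30:00+00:00",
     "user_id": "jeffrey.lee", "detections": ["prompt_injection"]},
    {"event_id": 2, "timestamp": "2025-06-13T08:00:00+00:00",
     "user_id": "jeffrey.lee", "detections": []},
    {"event_id": 3, "timestamp": "2025-06-01T10:00:00+00:00",
     "user_id": "jeffrey.lee", "detections": ["pii"]},
    {"event_id": 4, "timestamp": "2025-06-12T16:45:00+00:00",
     "user_id": "maria.k", "detections": ["pii"]},
]

# "contains" is the operator shown on the page; "equals" is hypothetical.
# Case-sensitive matching is an assumption about product behaviour.
OPERATORS = {
    "contains": lambda field, value: value in str(field),
    "equals": lambda field, value: str(field) == value,
}

def matches(event, conditions, since=None, detections_only=False):
    """True if the event passes the time range, the DETECTIONS quick
    filter, and every condition (AND). Each condition is a list of
    (attribute, operator, value) alternatives, any of which may match (OR)."""
    if since is not None and datetime.fromisoformat(event["timestamp"]) < since:
        return False
    if detections_only and not event.get("detections"):
        return False
    return all(
        any(OPERATORS[op](event.get(attr, ""), value) for attr, op, value in alts)
        for alts in conditions
    )

def apply_filters(events, conditions, since=None, detections_only=False):
    """Return the event_ids that survive the whole filter set."""
    return [e["event_id"] for e in events
            if matches(e, conditions, since, detections_only)]

LAST_7_DAYS = NOW - timedelta(days=7)
# Walkthrough query: last 7 days AND detections AND user_id contains jeffrey
WALKTHROUGH = [[("user_id", "contains", "jeffrey")]]
# One condition holding an OR expression over two alternatives
EITHER_USER = [[("user_id", "contains", "jeffrey"),
                ("user_id", "contains", "maria")]]
```

Running the same filter set over an exported copy of the logs is a quick way to confirm that a saved filter narrows results the way you expect before relying on it for triage.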

Applied conditions appear as pills at the top of the Findings page, below the search bar. Click a condition to show the edit link, then use it to open the filter dialog and modify the condition.

To save the current filter set, click the 💾 icon next to the filter dropdown in the top right of the Findings page. If there are unsaved changes, the icon appears yellow. After saving, it turns white.

Apply a saved filter set by selecting it from the filter dropdown.

To refresh the displayed data, click the 🔄 icon next to the filter dropdown.



©2025 CrowdStrike. All rights reserved.
