
Logs & Findings

Use the Findings page to view detailed event logs of AI usage and detections in your enterprise. You can filter the data by time range, attributes, and detection categories to focus on specific activity.

Filters defined on the Findings page that use supported attributes also apply to the Visibility page. This helps you correlate specific events and detections with visualized data flows.

Time-series chart

At the top of the page, below the filters, a time-series chart shows activity over time. Hover over any data point to view counts for the selected time interval. The chart groups data by the attributes you select on the Visibility page.

Logs table

The logs table displays events with columns for each attribute in an event log.

  • At the top of the table, you can select how many rows to show per page.
  • Click the gear icon (⚙️) in the top-right corner to add or remove columns.
  • Click a column header to sort by that attribute. An arrow icon shows the sort order (ascending or descending).
  • Drag the right edge of a column header to resize columns.
  • At the bottom of the table, use the pagination controls to navigate between pages.
  • Hover over table cells to:
    • View additional details, such as a status summary or a breakdown by detection type.
    • Click the plus icon next to the value to add it as a filter.

Log details

Click a row in the logs table to view full details for an event. The row expands to show all event attributes, including those not visible in the table.

If a field (such as Guard Input or Findings) contains JSON data, you can explore it as an interactive JSON tree.

Filters

You can limit the data shown on the Findings page using filters.

You can filter by these dimensions:

  • Detections - Show only events that triggered detections defined in collector policies.
  • Time range - Show events within a specific time window.
  • Attribute values - Show events matching specific attributes, such as a particular user, application, or other AIDR entity of interest.

You can combine multiple dimensions in a single filter. For example, to find all events from the last 7 days that triggered a detection and involved a specific user, use the search bar:

  1. Select Last 7 Days in the date range dropdown.
  2. Click DETECTIONS.
  3. Click + Add Filter, then:
    1. Select Actor from the list of attributes.
    2. Select the contains operator.
    3. Enter jeffrey to search for a user with this value in their ID.

       When you place the cursor in the input, the console suggests the most common values from the last month of data, sorted by frequency. Each suggestion shows how often the value appeared (for example, Seen in 1.2K events).

  4. Click Update Filter to apply the search criteria.

Active filters appear as labels below the search bar. You can click a condition to edit the filter.

You can save the filters you define and reuse them later by clicking the save icon (💾).

Tip:

Filters applied on the Findings page also affect the Visibility page, helping you correlate specific events and detections with visualized data flows.

Quick filters

You can quickly apply filters by clicking these elements on the Findings page:

  • DETECTIONS (button) - Limit the data to events that triggered a detection defined in your policies. Click ACTIVITY to remove this filter and return to the full event view.
  • Date range dropdown - Select a predefined time range from the dropdown next to the search bar. You can also use Set custom range to define and apply your own interval.

Use the search bar at the top of the page to create filters with specific attributes and operators. When you place your cursor in the field, a dropdown shows the available options. Select an attribute and operator, enter a value to match, and press Enter to apply the condition.

On the Findings page, you can type expressions that use OR logic within a condition. Multiple conditions combine with AND logic.

Table filters

From the logs table, you can:

  • Open a dialog to search by attribute values.
  • Apply a time range filter directly from a timestamp in an event.

Filter by attributes

To open the attribute filter dialog, click the funnel icon in a column header. You may need to drag the right edge of the column to reveal it.

In the dialog, you can build and apply a conditional expression using available attributes, connected with AND or OR logic.

Apply time range

You can apply a time range filter directly from the log table. Hover over a timestamp in a result row or in the expanded details view, then click the icon next to it to filter by that exact date or set it as the upper or lower limit of your range.

Filtered views

You can add multiple conditions combined with AND logic. Each condition is cumulative, helping you drill down into specific subsets of your data. On the Findings page, conditions can also be expressions that use OR logic.

Applied conditions appear as pills at the top of the Findings page, below the search bar. Click a condition to show the edit link, then use it to open the filter dialog and modify the condition.

To save the current filter set, click the save icon (💾) next to the filter dropdown in the top right of the Findings page. If there are unsaved changes, the icon appears yellow. After saving, it turns white.

Apply a saved filter set by selecting it from the filter dropdown.

To refresh the displayed data, click the refresh icon (🔄) next to the filter dropdown.


©2026 CrowdStrike. All rights reserved.
