Searching Logs

This topic describes how to search your logs using the Search page.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  you should work in.

Administrators: For specific examples of policy, see Required Permissions for Searching Logs.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to know more about writing policies for Logging, see Details for Logging.

Required Permissions for Searching Logs

To search indexed logs, a user must have the read permission on the log content and read access to the log group.

allow group GroupA to read log-groups in tenancy
allow group GroupA to read log-content in tenancy

To search indexed logs, you must have access to the log group that contains the indexed logs. For more information, see Required Permissions for Working with Logs and Log Groups.

To view and search Audit Logs, you must also have the corresponding Audit-related permissions. See Details for the Audit Service for more information. For example:

  • search "compartment" requires AUDIT_EVENT_READ, and if there are any log objects, it would also require LOG_CONTENT_READ
  • search "compartment/_Audit" requires just AUDIT_EVENT_READ.
  • search "compartmentOcid/logGroupNameOrOcid/logNameOrOcid" requires LOG_CONTENT_READ only.
  • search "compartmentOcid1/_Audit" "compartmentOcid2/logGroupNameOrOcid/logNameOrOcid" requires LOG_CONTENT_READ on compartmentOcid2 and AUDIT_EVENT_READ on compartmentOcid1.