From 9bff6c02a091b5aa1d0305d4f3e6fca61515b5c5 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Thu, 21 Nov 2024 09:29:11 -0600 Subject: [PATCH] Add asterisk --- docs/cse/administration/cse-audit-logging.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/cse/administration/cse-audit-logging.md b/docs/cse/administration/cse-audit-logging.md index 0f138dc672..b36ab287cc 100644 --- a/docs/cse/administration/cse-audit-logging.md +++ b/docs/cse/administration/cse-audit-logging.md @@ -37,7 +37,7 @@ UseĀ  `_index=sumologic_system_events` to limit results to events related to sys You can use the `subsystem` field, which every event log contains, to limit the events returned to Cloud SIEM-related events: -`subsystem=cse` +`subsystem=cse*` For information about other fields you can use in Audit Index searches, see auto-generated documentation at the documentation URL for your deployment. @@ -122,7 +122,7 @@ To search the Audit Event Index or System Event Index for logs that describe Clo ```sql _index=sumologic_system_events | json auto - | where subsystem="cse" + | where subsystem="cse*" ``` 3. Choose the time range for your search. 4. Click **Start** to run the search.
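Review bot: In the hunk at line 37, the changed example `subsystem=cse*` is still introduced as limiting results to "Cloud SIEM-related events", with no explanation of why a wildcard is now needed or which subsystem values it is meant to match. The commit message ("Add asterisk") does not say either. Suggest adding a sentence after the example stating that the trailing `*` matches every subsystem value that begins with `cse`, so readers understand that an exact `subsystem=cse` filter can miss events and can adjust their saved audit searches accordingly.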
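Review bot: In the hunk at line 122, `| where subsystem="cse*"` puts the asterisk inside a quoted string compared with `=`, which the `where` operator treats as an exact string comparison rather than a wildcard, so the documented query would only return events whose subsystem is literally `cse*`. Suggest `| where subsystem matches "cse*"`, or moving the filter into the search scope as `_index=sumologic_system_events subsystem=cse*` so it is consistent with the keyword form changed in the first hunk. Since this page is what people copy when auditing Cloud SIEM activity, a query that silently returns nothing is worth verifying against a real index before merging.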