Okta administrators can refine System Log searches by using existing event logs to populate the search filter. Expanding each log allows the use of the Actor, Event Info, and Targets columns, along with various values, to build specific queries.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• System Log

How are Okta System Log searches refined using existing event logs?

Refine the System Log search by selecting specific event details in the Admin Console using the following steps:

1. Sign in to the Admin Console.
2. Navigate to Reports > System Log.
3. Find the System Log event to base the search on.
4. Click the Actor, Target, or Event to populate the search filter based on that information. For example, click the "Test User" Actor.

• Clicking an element automatically populates the search bar with the filter for that specific Actor.
   

• Repeat the previous steps to populate the search bar with a specific Target or Event Information, including expanded event information from the specific log, and combine the filters to create a more specific filter.

Related References

• Getting Started with the Okta System Log
• Operators
• System Logs Event Types