SOCRadar Incidents Logs Raw logs from the SOCRadar incidents collector

Time Range -24h@h now

index=_internal source="*ta_socradar_incidents_socradar_incidents_collector.log*" | sort - _time $log_time.earliest$ $log_time.latest$ 30s 50 none 1 5 none progressbar raw