Skip to content
LogoLogScale DocumentationFull Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support
help

Versions of this Page

    • Cloud Overview
    • Getting Started
    • Instance Administration
      • Cluster statistics
      • S3 Archiving for LogScale Cloud
      • Data Retention
      • LogScale Internal Logging
      • Log LogScale to LogScale
      • LogScale SaaS Upgrades
      • Ingest Usage Management
        • What's Measured
          • Measurement Repositories
        • Measure Data Ingest
        • Optimize Ingestion
          • Best Practices to Optimize Data Ingestion
        • Monitor Usage
      • Dynamic Configuration Parameters
        • AggregatorOutputRowLimit
        • AstDepthLimit
        • BucketStorageKeySchemeVersion
        • BucketStorageUploadInfrequentThresholdDays
        • BucketStorageWriteVersion
        • CancelQueriesExceedingAggregateOutputRowLimit
        • defaultDigestReplicationFactor
        • defaultSegmentReplicationFactor
        • DelayIngestResponseDueToIngestLagScale
        • DelayIngestResponseDueToIngestLagMaxFactor
        • DelayIngestResponseDueToIngestLagThreshold
        • DisableNewRegexEngine
        • FdrEnable
        • FdrExcludedNodes
        • FdrMaxNodes
        • FlushSegmentsAndGlobalOnShutdown
        • GraphQLSelectionSizeLimit
        • GraphQlDirectivesAmountLimit
        • GroupDefaultLimit
        • GroupMaxLimit
        • IngestFeedAwsDownloadMaxObjectSize
        • IngestFeedAwsProcessingDownloadBufferSize
        • IngestFeedAwsProcessingEventBufferSize
        • IngestFeedAwsProcessingEventsPerBatch
        • IngestFeedGovernorRateOverride
        • IngestFeedGovernorIngestDelayHigh
        • IngestFeedGovernorIngestDelayLow
        • JoinRowLimit
        • LiveAdhocTableUpdatePeriodMinimumMs
        • LiveQueryMemoryLimit
        • LookupTableSyncAwaitSeconds
        • MatchFilesMaxHeapFraction
        • MaxCsvFileUploadSizeBytes
        • MaxIngestRequestSize
        • MaxJsonFileUploadSizeBytes
        • MaxOpenSegmentsOnWorker
        • ParserBacktrackingLimit
        • QueryBacktrackingLimit
        • QueryCoordinatorMaxHeapFraction
        • QueryCoordinatorMemoryLimit
        • QueryMemoryLimit
        • QueryPartitionAutoBalance
        • QueryResultRowCountLimit
        • RdnsDefaultLimit
        • RdnsMaxLimit
        • ReplaceANSIEscapeCodes
        • StateRowLimit
        • StaticQueryFractionOfCores
        • TableCacheMaxStorageFraction
        • TableCacheMaxStorageFractionForIngestAndHttpOnly
        • TargetMaxRateForDatasource
        • UnauthenticatedGraphQLSelectionSizeLimit
        • UndersizedMergingRetentionPercentage
        • Getting Dynamic Configuration List
        • Setting a Dynamic Configuration Value
    • Organization Essentials
      • Organization Settings
      • Organization Query Monitor
        • Query Stats
        • Query Details
        • Query Clients
        • Block & Kill
      • Blocking Queries
        • Add Query to Blocklist
        • Blocked Query Indications
    • Configuring Security
      • Tokens in LogScale
      • IP Filters
        • IP Filter Rules
        • Managing IP Filters
        • Creating an IP Filter
        • Editing an IP Filter
      • Security Policies
        • Dashboard Security Policies
        • API Token Security Policies
          • Behavior When Changing Token Security Policies
          • Personal API Token Security Policy
          • Repository and View API Tokens Security Policy
          • Organization API Tokens Security Policies
        • Actions Security Policies
        • Changing Actions Security Policies
          • Email Action Security Policy
          • OpsGenie Action Security Policy
          • PagerDuty Action Security Policy
          • Slack Action Security Policy
          • Upload file Action Security Policy
          • LogScale repository Action Security Policy
          • VictorOps Action Security Policy
          • Custom webhook actions Action Security Policy
      • API Tokens
        • Using API Tokens
          • Using an Expired API Token
          • Using an IP Filtered API Token
        • Repository and View API Tokens
          • Viewing Repository Tokens
          • Creating Repository API Tokens
          • Managing Repository API Tokens
        • Organization API Tokens
          • Viewing Organization API Tokens
          • Creating Organization API Tokens
          • Managing Organization API Tokens
      • Session Management
      • Audit Logging
    • Authentication & Identity Providers
      • SAML Authentication
        • Active Dir. Federation Svc.
        • Azure Active Dir.
        • Duo Security
        • Okta
        • PingFederate
      • OpenID Connect
    • Users & permissions
      • Permission Levels
      • Manage Users
        • Edit a User
        • Manage User Roles
        • Remove a User
      • Manage Groups
        • Group Roles
        • Group Memberships
        • Group Synchronization
      • Manage Roles
      • Default Role Permissions
      • Repository & View Permissions
      • Organization Admin. Permissions
      • Supported Functionality
      • Functionality Requirements
    • Ingesting Data
      • Log Shippers
      • Backfilling Data
      • Disabling Ingestion
      • Ingest FDR Data
        • Troubleshooting FDR Ingest
      • Ingest Tokens
      • Ingest Data from AWS S3
        • Set up a New Ingest Feed
        • Edit Ingest Feed Configuration
        • Delete an Ingest Feed
        • Enable and Disable Ingest Feeds
    • LogScale URLs & Endpoints
    • Limits & Standards
    • Data Analysis Overview
    • LogScale User Interface
      • Managing Your Account
    • Repositories & Views
      • Create Repository or View
      • Repository and View Settings
      • Falcon LTR Repositories
      • Lookup Files
      • Delete Repositories & Views
    • Parsing Data
      • Built-in Parsers
      • Creating a Parser
      • Ingest Tokens
      • Parser Errors
      • Removing Fields
      • Event Tags
      • Parsing Timestamps
    • Searching Data
      • Query Editor
      • Event Fields
      • Display Fields
      • Select & Filter
      • Adding & Removing Fields
      • Inspect Events
      • Show in Context
      • Format Columns
      • Column Properties
      • Field Data Types
      • Field Interactions
      • Different Visuals
      • Highlight Filter Match
      • Change Time Interval
      • Set Time Zone
      • Save Searches
      • Export Data
      • Event Display Methods
      • Search Status
      • Event List Interactions
      • Field Aliasing
        • Configuring Field Aliasing
        • Managing Field Aliasing
        • Searching with Field Aliasing
        • Understanding Field Mapping Requirements
        • Understanding Schema Requirements
    • Writing Queries
      • Basic Query Principles
      • Managing Queries
      • Common Queries
      • Writing Better Queries
      • Query Readability & Better Usage
      • Example Queries
    • Query Language Syntax
      • Comments
      • Query Filters
      • Operators
      • Adding Fields
      • User Parameters/Variables
      • Conditional Evaluation
      • Array Syntax
      • Expressions
      • Function Syntax
      • Time Syntax
        • Supported Timezones
        • Relative Time Syntax
      • Regular Expression Syntax
        • Regular Expression Syntax Patterns
        • Unsupported Regular Expression Patterns
        • Regular Expression Flags
        • LogScale Regular Expression Engines
        • Differences from Other Regex Implementations
    • Query Joins and Lookups
      • Types of Join
      • Join Methods
      • Using Ad-hoc Tables
      • Using Lookup Files
        • Using the readFile() Function
        • Using the match() Function
      • Using join() or selfJoin()
        • Using the join() Function
        • Using the selfJoin() Function
        • Join Operation and Optimization
    • Query Functions
      • Function Types and Arguments
      • Aggregate Query Functions
      • Array Query Functions
      • Comparison Query Functions
      • Conditional Query Functions
      • Event & Data Manipulation Query Functions
      • Filtering Query Functions
      • Formatting Query Functions
      • Geolocation Query Functions
      • Hash Query Functions
      • Join Query Functions
      • Math Query Functions
      • Network & Location Query Functions
      • Parsing Query Functions
      • Regular Expression Query Functions
      • Security Query Functions
      • Statistics Query Functions
      • String Query Functions
      • Time & Date Query Functions
      • Widget Query Functions
      • array:append()
      • array:contains()
      • array:drop()
      • array:eval()
      • array:filter()
      • array:intersection()
      • array:length()
      • array:reduceAll()
      • array:reduceRow()
      • array:reduceColumn()
      • array:regex()
      • array:rename()
      • array:union()
      • asn()
      • avg()
      • base64Decode()
      • beta:param()
      • beta:repeating()
      • bitfield:extractFlags()
      • bitfield:extractFlagsAsArray()
      • bitfield:extractFlagsAsString()
      • bucket()
      • callFunction()
      • coalesce()
      • cidr()
      • collect()
      • communityId()
      • concat()
      • concatArray()
      • copyEvent()
      • count()
      • counterAsRate()
      • createEvents()
      • crypto:md5()
      • crypto:sha1()
      • crypto:sha256()
      • default()
      • defineTable()
      • drop()
      • dropEvent()
      • duration()
      • end()
      • eval()
      • eventFieldCount()
      • eventInternals()
      • eventSize()
      • fieldset()
      • fieldstats()
      • findTimestamp()
      • format()
      • formatDuration()
      • formatTime()
      • geography:distance()
      • geohash()
      • getField()
      • groupBy()
      • hash()
      • hashMatch()
      • hashRewrite()
      • head()
      • if()
      • in()
      • ioc:lookup()
      • ipLocation()
      • join()
      • json:prettyPrint()
      • kvParse()
      • length()
      • linReg()
      • lookup()
      • lower()
      • lowercase()
      • match()
      • math:abs()
      • math:arccos()
      • math:arcsin()
      • math:arctan()
      • math:arctan2()
      • math:ceil()
      • math:cos()
      • math:cosh()
      • math:deg2rad()
      • math:exp()
      • math:expm1()
      • math:floor()
      • math:log()
      • math:log10()
      • math:log1p()
      • math:log2()
      • math:mod()
      • math:pow()
      • math:rad2deg()
      • math:sin()
      • math:sinh()
      • math:spherical2cartesian()
      • math:sqrt()
      • math:tan()
      • math:tanh()
      • max()
      • min()
      • objectArray:eval()
      • now()
      • parseCEF()
      • parseCsv()
      • parseFixedWidth()
      • parseHexString()
      • parseInt()
      • parseJson()
      • parseLEEF()
      • parseTimestamp()
      • parseUri()
      • parseUrl()
      • parseXml()
      • percentile()
      • range()
      • rdns()
      • regex()
      • readFile()
      • rename()
      • replace()
      • round()
      • sample()
      • sankey()
      • select()
      • selectFromMax()
      • selectFromMin()
      • selectLast()
      • selfJoin()
      • selfJoinFilter()
      • series()
      • session()
      • setField()
      • shannonEntropy()
      • sort()
      • split()
      • splitString()
      • start()
      • stats()
      • stdDev()
      • stripAnsiCodes()
      • subnet()
      • sum()
      • table()
      • tail()
      • test()
      • text:contains()
      • time:dayOfMonth()
      • time:dayOfWeek()
      • time:dayOfWeekName()
      • time:dayOfYear()
      • time:hour()
      • time:millisecond()
      • time:minute()
      • time:month()
      • time:monthName()
      • time:second()
      • time:weekOfYear()
      • time:year()
      • timeChart()
      • tokenHash()
      • top()
      • transpose()
      • unit:convert()
      • upper()
      • urlDecode()
      • urlEncode()
      • wildcard()
      • window()
      • worldMap()
      • writeJson()
      • xml:prettyPrint()
    • Dashboards & Widgets
      • Create Dashboards and Widgets
      • Manage Widgets
      • Manage Dashboards
      • Edit Dashboards
      • Organize Information on Dashboards
        • Sections
      • Work with Time on Dashboards
        • Shared Time Selector
        • Widget Time Selector
        • Section Time Selector
        • Live Dashboards
        • Time Zone Settings
        • Default Time Settings for Dashboards
      • Manage Dashboard Parameters
      • Manage Dashboard Interactions
      • Export Dashboards as PDF
        • PDF Export Options
      • Widgets
        • Bar Chart Widget
        • Event List Widget
        • Gauge Widget
        • Heat Map Widget
        • Note Widget
        • Parameter Panel Widget
        • Pie Chart Widget
        • Sankey Diagram Widget
        • Scatter Chart Widget
        • Single Value Widget
        • Table Widget
        • Time Chart Widget
        • World Map Widget
        • Embedding iFrame Widgets
    • Automation
      • Alerts
        • Aggregate Alerts
        • Filter Alerts
        • Legacy Alerts
        • Alert Activities
        • Creating Alerts
        • Editing Alerts
          • Alert Properties
        • Managing Alerts
        • Setting Alert Throttle Period
        • Sending Aggregate Results to Actions
        • Monitoring Alerts
        • Diagnosing Alerts
          • Errors when Using Live join() Functions
          • Monitor Alerts with humio-activity Repository
            • Alert Raw Event Example
      • Scheduled Searches
        • Creating a Scheduled Search
        • Spacing Out Searches
        • Scheduled Search Errors and Resolutions
      • Scheduled PDF Reports
        • Scheduled Reports Security
          • Creating a Scheduled PDF Role using the UI
        • Managing Scheduled Reports
        • Creating Scheduled Reports
        • Editing Scheduled Reports
        • Limitations
        • Scheduled Reports Errors and Resolutions
      • Cron Schedule Templates
      • Actions
        • Creating Actions
        • Managing Actions
        • Action Type: Email
        • Action Type: Falcon LogScale Repository
        • Action Type: OpsGenie
        • Action Type: PagerDuty
        • Action Type: Slack
        • Action Type: Upload File
        • Action Type: VictorOps (Splunk On-Call)
        • Action Type: Webhooks
        • Message Templates and Variables
      • Troubleshoot Alerts and Scheduled Searches
    • Template Language
      • Template Expressions
      • Template Variable Types
      • Template Examples
    • Keyboard Shortcuts
LogScale Cloud
Falcon LogScale Documentation
/ Falcon LogScale Cloud 1.154.0-1.165.0
/ Manage users & permissions

Functionality Permission Requirements

The following lists detail which functionality (and their corresponding pages) require which permission to use.

Monitor Usage

  • View usage

Ingest Data from AWS S3

  • Change ingest feeds

Delete an Ingest Feed

  • Change ingest feeds

Edit Ingest Feed Configuration

  • Change ingest feeds

Blocking and Unblocking Ingestion

  • Manage Cluster

Ingest Tokens

  • Change Ingest tokens

Delete a Repository Token

  • Change Ingest tokens

Edit a Token

  • Change Ingest tokens

Generating Ingest Tokens and Assigning Parsers

  • Change Ingest tokens

Organization Query Monitor

  • Monitor queries

S3 Archiving for LogScale Cloud

  • Change S3 archiving settings

Organization Owned Queries

  • Change persistent queries to run on behalf of organization

  • View permission tokens

Organization Settings

  • Change organization settings

Manage users & permissions

  • Change organization permissions

  • Manage users

Manage Groups

  • Manage users

Group Roles

  • Manage users

Manage Roles

  • Manage users

Manage Users

  • Manage users

Edit a User

  • Manage users

Remove a User

  • Manage users

Manage User Roles

  • Manage users

Configure LogScale SAML for Cloud

  • Change identity providers

OpenID Connect

  • Change identity providers

Active Dir. Federation Svc.

  • Change identity providers

Azure Active Dir.

  • Change identity providers

Duo Security

  • Change identity providers

Okta

  • Change identity providers

PingFederate

  • Change identity providers

Session Management

  • Change sessions

Managing Active Sessions

  • Change sessions

Support
  • Twitter
  • Facebook
  • LinkedIn
  • Youtube

© 2024 CrowdStrike All other marks contained herein are the property of their respective owners.

Enter search term