Caution: The Investigation Tool returns 30 days of data from Gmail logs and 180 days of data from all other logs. You can export Google Workspace logs and usage reports to Big Query. Over time, this gives you access to data past the 6 month window. See Export your Google Logs to BigQuery for a Big Win.
From Alerts to investigations
You can launch into the investigation tool from the alert center by simply clicking the Investigate Alert magnifying glass from the Alert details. The investigation pre-populates and opens in a new tab automatically.
- From the Admin Console: From any page, click the alert icon at the top right of the page. Select an alert in the list of alerts or click View all and then filter and select an alert to open its detail view.
Then click Investigate Alert.
From Security Dashboard to investigations
The Security Dashboard may surface trends or issues you want to investigate further. You can pivot to the Investigation Tool directly from the dashboard.
- From the Admin Console: Navigate to Security > Security center > Dashboard. You will see either Investigate or View Report in the bottom right of each chart. Choose Investigate and a search will be automatically built for you in the investigation tool. If you see View Report, the chart allows you to export data to Sheets instead of launching an investigation.
Document Version | Date | Description of Change |
1.0 | 9/6/2024 | reworked text, updated image, reverify |