Make Investigations Work for You

Caution: The Investigation Tool returns 180 days of data from all logs. Gmail log search does have a limit of 30 days unless you have the message ID and recipient email address. You can export Google Workspace logs and usage reports to Big Query. Over time, this gives you access to data past the 30 day/6 month window. See Export your Google Logs to BigQuery for a Big Win.

Custom dashboard charts from investigations

Creating custom charts for the dashboard is a great way to focus on known issues or common search queries. If you find yourself conducting the same search time and time again within the investigation tool, you should create a custom chart to add to your dashboard.

When users create a custom chart, it will only be available from their own login. Once you are finished with a custom chart you can easily delete it without affecting other security center admins.

To create a custom chart:

  1. Start in the investigation tool.
  2. Click the ellipsis on the right-hand side.
  3. Choose Create Custom Chart.

Activity rules from investigations

Activity rules are automated rules based on log events within the Investigation Tool. Through activity rules, you have the ability to create alerts and enable remedial actions. These are useful for automating some activities based on a data source and trigger.  

You can monitor activity and change the threshold of alerts before making a specific rule active.

Currently you can only set activity rules for the entire domain. There is no granularity by OU or group so every rule is either ON or OFF.

Follow these instructions to create an activity rule.


Document Version Date Description of Change


Articles in this section