You are unable to locate the Endpoint Activity Recorder Logs you enabled in the EDR (Symantec Endpoint Detection and Response) web console.
Additional recorder rules were configured in EDR and you cannot search these logs/events in the EDR online console. When searching the client groups where these rules are enabled in SEP (Symantec Endpoint Protection) you find that the endpoints are enrolled and reporting to EDR, but when you search for a machine you do not find any of the extra logs that could have been captured by EDR. Your search results may return "no results found."
The netstat event recording checkbox in the Endpoint Activity Recorder configuration is just a recording setting and not a forwarder setting. That means events you are recording will be recorded in the SEP local database. They will not be forwarded.
This behavior is by design. Please note that it is also by design that requesting a full dump sends all recorded events in the local database to EDR where they can then be reviewed.
When performing an endpoint search or a process dump EDR will search across all events recorded in the local database that match the search criteria. Since that space is limited by your configuration of the endpoint database size it may not include the events you are searching for.
A full dump by design sends everything recorded in the local database to EDR.
Look for Search query syntax in the EDR documentation: