Description

The following article describes the process for creating a saved search and scheduling it to run at a future time and date. Saving and scheduling searches is beneficial if you want to easily repeat a search, have searches run automatically for you on an ongoing basis, and view and export search results.

Note: This article refers to the improved log search functionality that is available to new customers with the new Alert Logic product tiers. Existing customers will continue to see OmniBox search for the time being. OmniBox will be deprecated, and all customers migrated to the improved log search, in the coming months.

Solution

1. Plug your desired search into the log search Where bar. For detailed information on operators and log search syntax guidelines, see the Search: Log Messages documentation. You can also utilize Search Assistant below the search bar if you are having trouble with SQL syntax.
   
   
2. Edit the Projections bar if you would like your results to be shown in any way other than with the log message and time received in descending order based on time.
   
   
3. Click Save in the top right corner above the search bar.
4. Add a name for your search in the Name text field so that you can identify it later.
   
   
5. Add the search to a schedule by clicking + Add Schedule and choosing the recurrence, time range, day of the month, and time that you want the search to run on.
6. Click Save Schedule.

Your search has now been saved and scheduled, and can be found in either the Saved Search or Recently Scheduled Searches - if the search has recently been run based on its schedule - columns of Search Assistant. More information on Saved and Scheduled searches is available in the View Completed Scheduled Log Search Results knowledge base article.