The following article describes the process for creating a saved search and scheduling it to run at a future time and date. Saving and scheduling searches is beneficial if you want to easily repeat a search, have searches run automatically for you on an ongoing basis, and view and export search results.
Note: This article refers to the improved log search functionality. Alert Logic Essentials, Professional, or Enterprise customers can find log search at the main menu > Investigate > Search > Log Search. Alert Logic Cloud Defender or Log Manager customers can find it at Search > Log Search BETA.
- Plug your desired search into the log search Where bar. For detailed information on operators and log search syntax guidelines, see the Search: Log Messages documentation. You can also utilize Search Assistant below the search bar if you are having trouble with SQL syntax.
- Edit the Select bar if you would like your results to be shown in any way other than with the log message and time received in descending order based on time.
- Click on the yellow down arrow to the right of the Search button.
- Click Save and Schedule Search.
- Add a name for your search in the Name text field and an optional description in the Description field so that you can identify it later.
- Save your search to a search group by clicking Save to group and choosing one of the existing groups that appears. Note: You can then create a new search group by clicking Create New Group at the bottom of the side panel.
- Add the search to a schedule by clicking + Add Schedule and choosing the recurrence, time range, day of the month, and time that you want the search to run on.
- Click Save Schedule.
Your search has now been saved and scheduled. It can be found in the Saved Search column of Search Assistant or, if the search has recently been run based on its schedule, in the Recently Scheduled Searches column. More information on Saved and Scheduled searches is available in the View Completed Scheduled Log Search Results knowledge base article.