XpoSearch enables users with sufficient permission to save a search so that it can be quickly run in the futuresearches can be saved for future usage. This is a very handy feature for useful or interesting searches that you expect to run again, as it saves you the time of reformulating and retyping the search string.
In addition, by default, XPLG keeps the saved searches results updated in the background to allow users to run them and get results very quickly.
For a detailed explanation on how to run a saved search, see Running a Saved Search.
Saving a search is very quick and simple – the minimum that is required is for you to define a name for the search; the search string, which is also required, is automatically input by the system. You also have the option of defining the following:
The time range for which the search is to be run (relative to the time that the search is initiated), such as Last 3 days. If the time range is not defined, the saved search runs on the time range selected in the Search Query Panel at the time that you ran the saved searchdefault time range of the search - upon execution for the first time, this will be the time that will be used.
A description of the search.
An indication of whether or not this search is to be included in the analysis that the Analytics engine performs on logs. A severity of None excludes this search from the analysis that the Analytics engine performs on logs. A severity of Low, Medium, or High indicates that the Analytics engine is to include this search in the analysis it performs on logs.
Visibility - users may select whether the search is private (visible to the user who saved it) only, or public (available to all users).
Cache settings - determine if cache is active, and on which time frames. Caching a search is highly recommended as XPLG will generate results continuously on the selected time frames allowing users to see results immediately when executing.
To save a search:
There are 2 options to save a search:
Directly from Search console
Run any search In the Search
console, and under Action > select Save Search.
The Save Search dialog box opens. The search query is automatically input into Search
Query.
In Name, type a meaningful name for the search (mandatory).
In Description, type a description of the search (optional).
In
Visibility, select
whether the search is
private (visible to the user who saved it) only, or public (available to all users)
Advanced Settings:
Collection Policy
Data Generation Frequency
In Severity, select from the dropdown list a severity of Low, Medium, or High if you want the Analytics engine to include this search in the analysis it performs on logs. Otherwise, leave the severity at None, to exclude this search from the analysis that the Analytics engine performs on logs.
Context - add a context to the search or select an existing one. The context helps to filter the saved searches list when there are many saved in the system for faster navigation.
Create Cache checkbox - check to activate cache, leave uncheck in order NOT to generate cache (in such a case the searches will run on selection only, and results will not be prepared by the system in the background).
In Default Time, select from the dropdown list the period of time relative to the current date that the search is to be conducted (optional). Leave blank to XpoSearch to run the saved search on the time range that is displayed in the Search Query Panel at the time that the saved search runs.
Cached Time Frames - select the time frames that XPLG should keep cached results on (relevant only if cache is checked to be activated)
Click Save.
The search is saved.
From the Saved Searches console.
Access the console from PortX > Search > Saved Searches. The options are similar.