...
Simple search – initial search, using simple search syntax, which results in a list of matching events.
Complex search – an advanced search, using complex search syntax, which results in a summary table of matching events, or transactions.
Saved search - a search that was previously saved and is available for an immediate execution. Can be either simple or complex.
Search Stages
A search can be run in three stages:
Initial search
Refined search
Complex search
Saved search
Initial Search
In the initial search, the user enters a search query of simple criteria, and the search runs on all the event data. In this simple search, the user can search the event data for a simple term or more than one term, run a Boolean search, a search with wildcards, or a column-based search.
...
Complex search queries are used to perform advanced complex operations and reporting on the log events resulting from a simple search. Running a complex search query results in a summary table, and can also be visualized as gadgets widgets in XPLG Dashboards.
Saved Search
Select a saved search from the saved searches list to execute it. A saved search is a prepared search that was saved in advance, and the system keeps selected time periods updated with results for an immediate view.