• Spaces
  • Help
    • ×
     
     
    •  
    BMC TrueSight IT Data Analytics 2.1

    Page tree

    If you find that you must repeatedly perform a particular search, you can save it for future use from the Search tab. You can also use saved searches to monitor data trends with the help of dashboards and set notifications that are triggered depending on the threshold set.

    You can view, manage, and search for saved searches by using the Saved Searches tab.

    This topic contains the following information:

    Related topics

    Saving a search

    You can save a search (query) to run again in the future.

    To save a search

    1. Navigate to the Search tab and perform a search by providing a search criteria in the search bar.
    2. On the top-right side of your screen, click Save Search .
    3. In the Save Search dialog box, enter the following details:

      • Name: Provide a name to identify the saved search.

        Note

        Names of the saved searches must be unique across users. If you try to save a search with a name that already exists, you get an error.

      • Description: Provide any additional information that you want to add about the saved search.

      • Time Context: The time context of the search that you performed is automatically displayed. To save the search with the same time context, you can leave this selection unchanged or you can change the time context and save the search with the new time context. You might want to change the time context to monitor your search results more closely.
        For example, if you are troubleshooting for an authentication failure error by performing a certain search every week (Last 7 days), then you might want to run this search every 24 hours to monitor the error more closely. For this you need to save the search with a different time context (Last 24 hours).

        Note

        Saved searches with custom time context cannot be added to dashboards because such saved searches provide absolute results.

      • If you want the search query to be visible to all users irrespective of their access permissions, select the Make Public check box.

        Note

        By selecting the Make Public check box, you enable users to view the search query and run it irrespective of their access permissions, but they cannot access the data in the search results unless they have the appropriate permissions.

    4. Click Save.
      You can view the saved search by navigating to the Saved Searches tab.

    Sharing a saved search

    You can share a saved search with all users irrespective of their user roles. When you share a saved search, users can both view and run the search query. However, they can view the search results only if they have the appropriate permissions.

    To share a saved search

    1. Navigate to the Saved Searches tab.
    2. Select the saved search that you want to share, and click Modify Saved Search .

    3. Select the Make Public check box.

    Executing a saved search

    1. Navigate to the Saved Searches tab.
    2. Perform one of the following actions:
      • Click the name of the saved search that you want to execute.
      • Select the saved search that you want to execute and click Execute Search .

    Tip

    You can also execute a saved search by selecting a type-ahead search suggestion while typing the search string the search bar.

    Modifying a saved search

    Dashboards and notifications are based on saved searches. So you need to be careful while changing the search query, if there are dashboards (or notifications) associated with that search query. Dashboards use the saved search context, therefore any change to the time context can affect dashboards associated with the saved search.

    Note

    You cannot modify a saved search:

    • Shared by other users (by using the Make Public check box at the time of creating the saved search)
    • Imported using a content pack

    To modify details of a saved search

    1. Navigate to the Saved Searches tab.
    2. Select the saved search that you want to modify, and click Modify Saved Search .
    3. Modify one or more of the following details that you provided when you created the saved search:
      • Search Name: The name to identify the saved search.
      • Query String: The search query stored.
      • Description: Additional details provided when you created the saved search.
      • Time Context: The time context provided when you created the saved search.
      • Make Public: Select this check box to share the search query with all users irrespective of their access permissions.
    4. Click Update to save the new details.

    Deleting a saved search

    You can delete the saved search that you created. When you delete a saved search, the dashboards and notifications associated with the saved search are also deleted.

    Note

    You cannot delete a saved search shared by others.

    To delete a saved search

    1. Navigate to the Saved Searches tab.
    2. Select the saved search that you want to delete, and click Delete Saved Search .
    3. Click Yes to confirm your action.

    Cloning a saved search

    You can make a copy of a saved search, modify details if needed, and save it.

    Note

    If you want to add a dashboard or a notification using a saved search marked as public, then you must first clone it.

    To clone a saved search

    1. Navigate to the Saved Searches tab.
    2. Select the saved search that you want to clone, and click Clone Saved Search .
    3. In the Search Name box, provide a name to identify the cloned saved search.
    4. If needed, modify other details such as the query string, the description, and the time context that you provided earlier when you saved that search.
    5. Click Save.

    Adding a saved search to the dashboard

    You can add a saved search to the dashboard for a graphic representation of the search results data.

    To add a saved search to the dashboard page

    1. Navigate to the Saved Searches tab.

    2. Select the saved search that you want to add to the dashboard page, and click Add to Dashboard .

      Note

      You cannot add a saved search to a dashboard in the following scenarios:

      • If the saved search has a custom time context because this type of saved search provides absolute results.
      • If the saved search was shared by other users and not created by you.
      • If the saved search contains a search query that uses the stats command without the group by parameter. Creating a dashlet for such a query does not provide meaningful representation of data.
        For example, in the following search query, there is no field specified to group the search results.
        * | stats count(HOST)

      However, you can use a saved search shared by another user for creating a dashboard after cloning the saved search.

    3. On the Add to Dashboard dialog box, provide the following details:
      • Summarization Field: Select the field name by which you want to summarize your search results data in the dashlet.
        You can select from a list of fields which are available on the Filters panel on the Search tab and all the tags which are available in the system. You can add more fields to this list by adding more fields to the Fields section, on the Filters panel. If the saved search contains a search query that returns tabular output (for example timechart, stats commands), then the fields displayed in the list are derived from the tabular data.

      • Chart Type: Select one of the following chart types to summarize your search results:

        Chart typePreview
        Bar

        Column
        Doughnut
        Line
        Pie

        Note

        The pie and doughnut charts are not supported for saved searches that return tabular output. For example, timechart command.

      • Dashboard: Select one of the existing dashboard pages to add the search results data to that dashboard page. If you want to add the search results data to a new dashboard page, then create the new dashboard page by selecting Create new and provide a name for the dashboard in the Dashboard box.
      • Dashlet Name: Provide a title for the summarization chart that you want to add in the dashlet.
      • On the Location grid, click the box in which your search results are to be displayed.s
        If a dashlet is already plotted on one of the four boxes, then the dashlet name appears on that box.
      • Click Add.
        You can see the saved search details summarized in the form of a chart on the Dashboards tab (on the specified dashboard page).

    You can also create dashboards from the Dashboards tab. For more information, see Managing dashboards.

    Creating a notification for the saved search

    1. Navigate to the Saved Searches tab.

    2. Select the saved search for which you want to add a notification, and click Create Notification .

      For more information, see Creating notifications.

      Note

      You cannot create a notification for a saved search in the following scenarios:

      • If the saved search is created for a custom time context. This is because such saved searches are run for a fixed duration and therefore are not relevant for adding notifications.
      • If the saved search was shared by other users and not created by you.
      • If the saved search contains a search query that returns tabular output. For example, timechart and stats command.

      However, you can use a saved search shared by another user for creating a dashboard after cloning the saved search.

    Where to go from here

    View summarization charts added to the dashboard and detect data trends, correlations, or irregularities. For more information, see Managing dashboards.

    Create notifications to monitor irregularities and raise alerts or log events. For more information, see Managing notifications.

    © Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.