If you find that you must repeatedly perform a particular search, you can save it for future use from the Search tab. You can also use saved searches to monitor data trends with the help of dashboards and set notifications that are triggered depending on the threshold set.
You can view, manage, and search for saved searches by using the Saved Searches tab.
This topic contains the following information:
Related topics
Saving a search
You can save a search (query) to run again in the future.
To save a search
- Navigate to the Search tab and perform a search by providing a search criteria in the search bar.
- On the top-right side of your screen, click Save Search
. - In the Save Search dialog box, enter the following details:
Name: Provide a name to identify the saved search.
Note
Names of the saved searches must be unique across users. If you try to save a search with a name that already exists, you get an error.
Description: Provide any additional information that you want to add about the saved search.
Time Context: The time context of the search that you performed is automatically displayed. To save the search with the same time context, you can leave this selection unchanged or you can change the time context and save the search with the new time context. You might want to change the time context to monitor your search results more closely.
For example, if you are troubleshooting for an authentication failure error by performing a certain search every week (Last 7 days), then you might want to run this search every 24 hours to monitor the error more closely. For this you need to save the search with a different time context (Last 24 hours).Note
Saved searches with custom time context cannot be added to dashboards because such saved searches provide absolute results.
If you want the search query to be visible to all users irrespective of their access permissions, select the Make Public check box.
Note
By selecting the Make Public check box, you enable users to view the search query and run it irrespective of their access permissions, but they cannot access the data in the search results unless they have the appropriate permissions.
- Click Save.
You can view the saved search by navigating to the Saved Searches tab.
Sharing a saved search
You can share a saved search with all users irrespective of their user roles. When you share a saved search, users can both view and run the search query. However, they can view the search results only if they have the appropriate permissions. They can also use the shared saved search to add dashlets and notifications.
To share a saved search
- Navigate to the Saved Searches tab.
- Select the saved search that you want to share, and click Modify Saved Search
. Select the Make Public check box.
Note
Saved searches imported via a content pack are also treated as public saved searches.
As an app admin or super admin, you can also share saved searches with other users by exporting them in a content pack. However, note that only super admins have the capability of importing content packs.
Executing a saved search
- Navigate to the Saved Searches tab.
- Perform one of the following actions:
- Click the name of the saved search that you want to execute.
- Select the saved search that you want to execute and click Execute Search
.
Tip
You can also execute a saved search by selecting a type-ahead search suggestion while typing the search string the search bar.
Modifying a saved search
Dashboards and notifications are based on saved searches. So you need to be careful while changing the search query, if there are dashboards (or notifications) associated with that search query. Dashboards use the saved search context, therefore any change to the time context can affect dashboards associated with the saved search.
Note
You cannot modify a saved search:
- Shared by other users (by selecting the Make Public check box at the time of creating the saved search)
- Imported via a content pack.
However, you can clone the saved search and then customize it as per your needs.
To modify details of a saved search
- Navigate to the Saved Searches tab.
- Select the saved search that you want to modify, and click Modify Saved Search .
- Modify one or more of the following details that you provided when you created the saved search:
- Search Name: The name to identify the saved search.
- Query String: The search query stored.
- Description: Additional details provided when you created the saved search.
- Time Context: The time context provided when you created the saved search.
- Make Public: Select this check box to share the search query with all users irrespective of their access permissions.
- Click Update to save the new details.
Deleting a saved search
You can delete the saved search that you created. When you delete a saved search, the dashboards and notifications associated with the saved search are also deleted. If a notification contains multiple saved searches and if you delete one of the saved searches used in the notification, then that saved search is removed from the notification.
If you delete a public saved search, a private copy of the saved search is automatically created so that objects configured based on the deleted saved search continue to function. The private copy details are automatically updated in the dependent objects (for example, notifications and dashboards) and are also listed on the Saved Searches page. The user using the saved searches becomes the owner of the private copy. The private copy is named in the following ways based on the source of the public saved search:
- Imported via a content pack: Based on this source, the private copy is named as "Copy of <SavedSearchName> from <ContentPackName>".
- Created by you: Based on this source, the private copy is named as "Copy of <SavedSearchName>".
Note
You cannot delete public saved searches shared by other users.
To delete a saved search
- Navigate to the Saved Searches tab.
- Select the saved search that you want to delete, and click Delete Saved Search
. - Click Yes to confirm your action.
Cloning a saved search
You can make a copy of a saved search, modify details if needed, and save it.
To clone a saved search
- Navigate to the Saved Searches tab.
- Select the saved search that you want to clone, and click Clone Saved Search
. - In the Search Name box, provide a name to identify the cloned saved search.
- If needed, modify other details such as the query string, the description, and the time context that you provided earlier when you saved that search.
- Click Save.
Adding a saved search to the dashboard
You can add a saved search to the dashboard for a graphic representation of the search results data.
To add a saved search to the dashboard page
- Navigate to the Saved Searches tab.
Select the saved search that you want to add to the dashboard page, and click Add to Dashboard
.Note
You cannot add a saved search to a dashboard in the following scenarios:
- If the saved search has a custom time context because this type of saved search provides absolute results.
- If the saved search contains a search query that uses the stats command without the group
byparameter. Creating a dashlet for such a query does not provide meaningful representation of data.
For example, in the following search query, there is no field specified to group the search results.* | stats count(HOST)
- On the Add to Dashboard dialog box, provide the following details:
- Summarization Field: Select the field name by which you want to summarize your search results data in the dashlet.
You can select from a list of fields which are available on the Filters panel on the Search tab and all the tags which are available in the system. You can add more fields to this list by adding more fields to the Fields section, on the Filters panel. If the saved search contains a search query that returns tabular output (for example timechart, stats commands), then the fields displayed in the list are derived from the tabular data. Chart Type: Select one of the following chart types to summarize your search results:
Chart type Preview Bar 
Column 
Doughnut 
Line 
Pie 
Note
The pie and doughnut charts are not supported for saved searches that return tabular output. For example, timechart command.
- Dashboard: Select one of the existing dashboard pages to add the search results data to that dashboard page. If you want to add the search results data to a new dashboard page, then create the new dashboard page by selecting Create new and provide a name for the dashboard in the Dashboard box.
- Dashlet Name: Provide a title for the summarization chart that you want to add in the dashlet.
- On the Location grid, click the box in which your search results are to be displayed.s
If a dashlet is already plotted on one of the four boxes, then the dashlet name appears on that box. - Click Add.
You can see the saved search details summarized in the form of a chart on the Dashboards tab (on the specified dashboard page).
- Summarization Field: Select the field name by which you want to summarize your search results data in the dashlet.
You can also create dashboards from the Dashboards tab. For more information, see Managing dashboards.
Creating a notification for the saved search
- Navigate to the Saved Searches tab.
Select the saved search for which you want to add a notification, and click Create Notification
.Tip
While selecting the saved search name, you can specify any portion of the saved search name. You can even specify the content pack name via which the saved search was imported.
For more information, see Creating notifications.
Note
You cannot create a notification for a saved search in the following scenarios:
Viewing and searching configured saved searches
The Saved Searches tab allows you to view, manage, and search saved searches.
You can perform the following actions on the Saved Searches tab.
| Action | Icon | Description |
|---|---|---|
| Execute Search | | Execute the saved search. For more information, see Executing a saved search. |
| View Saved Search |  | View details of the selected saved search. You can see details such as the name, search query, description, and time context of the saved search. Additionally, you can see whether the saved search is public or not. |
| Modify Saved Search | | Edit the selected saved search details. For more information, see Modifying a saved search. |
| Delete Saved Search | | Delete the selected saved search. For more information, see Deleting a saved search. |
| Clone Saved Search |  | Make a copy of the selected saved search. For more information, see Cloning a saved search. |
| Add to Dashboard |  | Use the saved search to create a dashlet on a dashboard. For more information, see Adding a saved search to the dashboard. |
| Create Notification | | Use the saved search to create a notification. For more information, see Creating a notification for the saved search. |
| List Notifications and Dashlets |  | List the notifications and dashlets in which the existing saved searches are employed. |
| Search |  | Search for a saved search by entering a string in the search bar at the top right of your screen. You can search for a saved search by name, source, and by the search string. |
The Saved Searches tab provides the following information:
Field | Description |
|---|---|
Name | Name of the saved search configured. |
| Source | Source can be one of the following:
If the saved search is created by you, then a hyphen (-) is displayed. Note: Saved searches imported via a content pack are treated as public saved searches. |
| Search String | Search query included in the saved search. |
| Time Range | Time range of the search query included in the saved search. |
| Public | Displays whether the saved search is public or not, this means whether it is accessible by all users or not. |
Where to go from here
View summarization charts added to the dashboard and detect data trends, correlations, or irregularities. For more information, see Managing dashboards.
Create notifications to monitor irregularities and raise alerts or log events. For more information, see Managing notifications.
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks