Creating a Simple Historical Search
Prequisites
Procedure
Prequisites
If you need to familiarize yourself with how historical search works or the historical search interface, you should read these topics:
Overview of the Historical Search User Interface
Example of How a Structured Historical Search is Processed
Sample Historical Searches
Structured Search Operators
Procedure
- Log in to your Supervisor node.
- Go to Analytics > Historical Search.
- For Filter Criteria, select Simple.
- Enter the keywords you want to search for in the raw event logs.
See Keywords and Operators for Simple Searches for information on keyword searching.
- Under Display Fields, select the attributes you want to use as the columns in your results list.
See Selecting Attributes for Structured Searches, Display Fields, and Rules and Creating Filter Criteria and Display Column Sets for options for selecting display field attributes and sets.
- For Time, set the interval over which you want the search to run.
- For multi-tenant deployments, select the Organization you want to run the search against.
- Click Run.
The results of your search will be displayed in the chart and search results list.