
NeQter Labs How to Guides



Discover Search Guide

The Discover Search feature on the Discover page lets users save a combination of filters, queries and opened fields for later use, and also lets them use those custom searches to build customized alerts. In this quick guide we will go over how to create a Discover Search, what it can be used for, and some dos and don’ts of the tool.

Before creating a Saved Search, you first need to set up the data the search will save. Saved Searches can save the Filters, Queries and Fields applied on the page, each of which is explored further in the Filter, Query and Fields sections of our Discover Page Documentation.


Once you have the ‘Search’ you’d like to save, you can go to the top left of the page and click on the Save button.


From here you can give your saved search a custom name and click Save to finish.


Once finished, you should see your Saved Search’s name in the top left corner next to Discover.


Saved Searches are useful in several ways. One is that you can use them to load previously created searches: if there is a particular combination of fields, filters and queries you’d like to have for future use, you can save it with the Saved Search feature and bring it back later.

To open a saved search, click on the Open button on the top left. In the window that appears, search for the Saved Search’s name and click it to bring the search back up.


Besides being brought back up on the Discover page for reference, a saved search can also be used to create an Alert. When a saved search is used in an alert, any log that matches the filters / query set up on the saved search counts towards that alert. To use a saved search in this manner, first click on the Alert button on the top left, and then either open a previously created alert or create a new one by clicking the Create Alert button in the Modify Alerts window.


Once on the Alert Configuration page, click on the drop down menu under Search and select your saved search there so that the alert uses it to generate events.


NOTE: For more information on how to set up an alert from scratch, see our documentation here.

Additional Information

There are a few items of note that users should be aware of when creating Saved Searches. The first is that a Saved Search that does not contain a filter of any sort cannot be used in the creation of a custom alert. However, Saved Searches containing a combination of Queries / Fields alongside at least one filter will work fine. If you plan to use a Query to generate an event via an alert, you will need to add a filter for that alert to function.


One last item to note is that any Saved Search created can be modified but not removed from the NeQter Core. While Saved Searches take up barely any space on the box, having lots of them can clutter the Saved Search Index, making it more difficult to find a particular search. Please keep this in mind when creating lots of different searches.


