Once you have invested the time in creating a search with just the data you want, you can save the search so that you can run it as much as you like. And best of all, any search that you save is available to any user on your team’s account.
Saving a search query and running it periodically is one of the most efficient ways to use Loggly to find patterns in your data. By searching for particular instances or combinations of log messages you can pinpoint infrastructure issues in real time or possibly predict issues before they happen!
Creating Saved Searches
Creating a saved search is easy: Once you’ve created a search query that you want to keep, click on the Star icon to the right of the search button and then “Save as”. Here are a few key points:
- Filters are saved.
- Source groups are saved.
- This means you can set up the repeatable search queries that will only run on a select group of log sources. Very useful.
- Saved searches are shared across user profiles on the account.
- If any user deletes a saved search, this search will no longer be available to other users on the account.
Managing Saved Searches
Once you have searches saved, you can access them by clicking on the “Star” icon. You can click on the link named “Managed Saved Searches” to view a list of saved searches, see which ones are used in alerts, and delete any saved searches that are no longer needed. If the saved search is used by an active alert you will see a warning. In the case that a saved search is removed from an alert, the alert will be automatically disabled.
Alerting from Saved Searches
Saved searches also provide the parameters for our alerting tool. We can run your saved search on a set schedule and alert you if results match your criteria. Check out our page on adding alerts to see how to set this up. You can add an alert by clicking on the bell icon just to the right of the saved search icon.