Save a Search

Whether you are running ad hoc searches during a forensic investigation or running standard searches for health checks, you can save any search to run again later.

When you create a search that you would like to reuse, you can save it to the Library. From there you can run it again, share with others, edit the search, or create a Scheduled Search to run at a regularly scheduled time, and set up alerts. 

The saved search will also include any charts you have created in the Aggregates tab. 

To save a search:

1. Run a search query you'd like to save.
2. (Optional) After the search results are complete, in the Aggregates tab, select a chart type to display the data visually. 
3. Click Save As below the search field. 
   
4. In the Save Item dialog appears.
   
5. Name. Enter a name for your saved search.
6. Description. (Optional). Enter a description for the search search. 
7. Query. You can edit your query, if desired. Choose a Time Range option that will be the default range when you run the saved search.
8. Use Receipt Time.  Click the checkbox to run the search using message receipt time. For more information, see see Use Receipt Time.
9. Location to save to. Select a folder location for the saved search 
10. Click Save to save the search without scheduling.  If you want to schedule the search and optionally configure an alert, click Schedule this search and follow the instructions on Schedule a Search.