Get an Overview of Your Searches

Select Search > Home.

The Search Home tab provides a high-level view of your Search and event activity while also offering immediate access to search features. Your Search and event activity are segmented into Widgets that show the state of specific searches and events, such as saved search queries, search criteria, and events by agent type.

To view items referenced in the search chart, such as saved search queries, scheduled searches, etc., click . This opens a new tab that displays detailed information about your selection.

The data in the events pie charts (Total Events, Total Events - 24 Hours, Events by Device Vendor - 24 Hours, etc.) refreshes every five minutes and is based on a normalized event time.

My Session Searches

Lists all recent searches. For each search, the table provides the name, search query, status, search type, timestamp, fieldsets, the ID that created the search, and the date the search was created. You can sort the table by some of the column. The table show only searches with the status Completed, Pause, Running, and Error.

To view one of the searches, click . To remove session searches from the list, select the rows to be removed. Then, click .
Search Queries: Shows the number of system, private, and public saved search queries that you can access.
Search Criteria: Shows the number of system, private, and public saved search criteria that you can access.
Search Results: Indicates whether any of your saved search results have completed, are running, or have been paused.
Scheduled Searches
Displays the number of enabled and disabled scheduled searches.

Fieldsets

Shows the number of system and private fieldsets that you can use when running a search.

Lists

Shows the number of lookup lists that you can include in a search.

Total Events

Shows the total number of all events that have occurred within your ArcSight database installation. This number refreshes every five minutes.

Events 24 Hours

Shows the total number of all events within the last 24 hours.

Events by Device Vendor – 24 Hours

Shows the total number of the first three events by Device Vendor with the highest count within the last 24 hours.

Events by Agent Type – 24 Hours

Shows the total number of the first three events by Agent Type with the highest count within the last 24 hours.

Events by Agent Severity – 24 hours: Shows the total number of the first three events by Agent Severity with the highest count within the last 24 hours.

Events by Category Technique – 24 hours

Shows the total number of the first three events by Category Technique (for example, analysis, transition, or routing) with the highest count within the last 24 hours.