Configure Preferred Settings for Searches

Select [your_ID] > My Profile > Preferences.

You can specify the default settings that you want to apply for new searches. For example, you might want all of your searches to return results from the last 24 hours. Or, if you regularly use the same fieldset for a Search, you can specify that fieldset as your preferred default. You can always override your preferences as needed when you create a search. When you modify your Search preferences, the changes apply to new searches. Existing searches are not affected unless you re-run the search.

If you change your search preferences and you also have Scheduled Searches open in a separate browser tab, you must refresh the Scheduled Searches tab to ensure that the content in the tab reflects your changes.

Default Fieldset

Specifies the fieldset that you regularly use for a search. The default value is Base Event Fields.

Default View

Specifies whether the Events table displays results in the Grid View or Raw View. The default value is Grid View.

Time Zone

Instructs Search to adjust the timestamp for events to the chosen time zone.

Date/Time Format

Specifies the format of dates and times you want Search to use. The default is MM/DD/YY hh:mm:ss:ms.

Default Time Setting

Specifies the time range you want Search to find events. The default is the Last 30 minutes Preset value.

Base Searches On

Specifies the timestamp Search associates with the event you want to find. The default value is Normalized Event Time.

Search expires in

Specifies how often you want saved searches to expire, and thus for the system to remove them from the system. The default value is 7 days. Alternatively, if you have a Recon license, you can choose for a search to never expire.

The expiration date resets whenever you access the search. Resetting the expiration date includes resuming or re-running the search, as well as saving the search and changing its settings.

Maximum search results

Specifies the maximum number of events that Search returns. Search considers a search complete when the results reach the maximum limit. The default value is 10,000,000. The lowest value that you can specify is 1,000.

Highlight Query Syntax

Specifies whether Search uses color to differentiate the syntax terms from the operators and functions within the query. The default value is set as Yes.