Configure Preferred Settings for Searches

Select [your_ID] > My Profile > Preferences.

You can specify the default settings that you want to apply for new searches. For example, you might want all of your searches to return results from the last 24 hours. Or, if you regularly use the same fieldset for a Search, you can specify that fieldset as your preferred default. You can always override your preferences as needed when you create a search. When you modify your Search preferences, the changes apply to new searches. Existing searches are not affected unless you re-run the search.

If you change your search preferences and you also have Scheduled Searches open in a separate browser tab, you must refresh the Scheduled Searches tab to ensure that the content in the tab reflects your changes.

Default Fieldset

Specifies the fieldset that you regularly use for a search. The default value is Base Event Fields.

Default View

Specifies whether the Events table displays results in the Grid View or Raw View. The default value is Grid View.

Time Zone

Instructs Search to adjust the timestamp for events to the chosen time zone.

Date/Time Format

Specifies the format of dates and times you want Search to use. The default is MM/DD/YY hh:mm:ss:ms.

Default Time Setting

Specifies the time range in which you want Search to find events. The default is the Last 30 minutes Preset value.

Base Searches On

Specifies the timestamp Search associates with the event you want to find. The default value is Normalized Event Time.

Search expires in

Specifies how long saved searches are kept before they expire and the system removes them. You can specify a value between 1 and 365. The default value is 7 days. Alternatively, if you have the Never Expire Search Results permission, you can choose for a search to never expire. When you create or edit a search, you can override this default setting.

The expiration date resets whenever you access the search. Resetting the expiration date includes resuming or re-running the search, as well as saving the search and changing its settings.

Session Search expires in

Specifies how long session searches are kept before they expire. The default is 24 hours. You can specify up to 120 hours. The expiration time resets whenever you change or run the search. When you create or edit a search, you can override this default setting.

Maximum search results

Specifies the maximum number of events that Search returns. Search considers a search complete when the results reach the maximum limit. The default value is 10,000,000. The lowest value that you can specify is 1,000. When you create a search, you can choose to override this default setting.

Your admin can configure a system-level setting that controls the maximum number of searches (with a limit of 10 million) for all instances of Fusion. If you enter a value outside of the system-level setting, you will receive an error message indicating that your preferred default cannot exceed the system setting. For information about setting a global search limit, see Upgrading Deployed Capabilities in the Administrator's Guide to ArcSight Platform.

Highlight Query Syntax

Specifies whether Search uses color to differentiate the syntax terms from the operators and functions within the query. The default value is Yes.