Graylog provides saved search functionality to allow for easy access to previous search criteria. For example, if you frequently need to search through web requests made the day before, then you may benefit from saving this search rather than entering the criteria each time. You can also use saved searches as a building block for dashboards.

Create and Manage Saved Searches

You can save a search via the Search page:

  1. Enter and submit your search.

  2. Click on the Save button on the right side of the search bar.

  3. Enter a unique title for the search.

  4. Click Create new.

saved_search_create_v2

To locate a previously saved search, click the Load button and select the saved search from the list as seen below. You can also delete a saved search through this dialog box.

To update a previously saved search:

  1. Click Load and select the desired saved search from the list.

  2. Edit the search results. You may add new fields for a message table, add new widgets, or define a different search query.

  3. Click Save.

You may change the search title through this dialog box and also click the Save as button to create a new saved search without modifying the original saved search.

Search Query String History

Graylog enables you to search through your recent query string history to retain queries you have used in other event replays and dashboards. The search bar supports auto completion and displays relevant search queries you have entered in the past. When selected, these queries replace the current query string.

The search query history button is at the right of the search bar, represented with a counterclockwise arrow icon. All queries are saved to the Mongo database, making it possible to search through past queries via the drop-down menu that appears when you click the icon. Searches are listed in descending order from newest to oldest.

Hint: The shortcut alt-space shows suggestions for a query input. When the input is empty, this shortcut shows query history suggestions. If you already have an input, use alt-shift-h to prompt suggestions. See Keyboard Shortcuts for information about other shortcuts.