Documentation forLoggly

Saved Searches

Navigation Notice: When the APM Integrated Experience is enabled, Loggly shares a common navigation and enhanced feature set with other integrated experience products. How you navigate Loggly and access its features may vary from these instructions.

Once you have invested the time in creating a search with just the data you want, you can save the search so that you can run it as much as you like. And best of all, any search that you save is available to any user on your team’s account.

Saving a search query and running it periodically is one of the most efficient ways to use Loggly to find patterns in your data. By searching for particular instances or combinations of log messages you can pinpoint infrastructure issues in real time or possibly predict issues before they happen.

Loggly Saved Searches

Creating Saved Searches

Creating a saved search is easy. After you’ve created a search query you want to keep, click on the Star icon to the right of the search button, and then select Save this search as... .

Here are a few key points:

  • Filters are saved.
  • Source groups are saved. This means you can set up the repeatable search queries that will only run on a select group of log sources. Very useful.
  • Saved searches are shared across user profiles on the account. If any user deletes a saved search, this search will no longer be available to other users on the account.

Managing Saved Searches

After you have searches saved, you can access them by clicking the Star icon. You can click the link named Managed Saved Searches to view a list of saved searches, see which ones are used in alerts, and delete any saved searches that are no longer needed. If the saved search is used by an active alert a warning will display. If a saved search is removed from an alert, the alert will be automatically disabled.

Manage Saved Searches in Loggly

Alerting from Saved Searches

Saved searches also provide the parameters for Loggly's alerting tool. Loggly can run your saved search on a set schedule and alert you if results match your criteria. Check out the page on adding alerts to see how to set this up. You can add an alert by clicking the bell icon just to the right of the saved search icon.