Falcon LogScale Documentation
/ Data Analysis 1.107.0-1.112.4
/ Searching Data

Save Searches

It is possible to save search results, queries, dashboard widgets and scheduled searches. Because constructing a search query can take some time, saving frequently used searches and dashboards for reuse saves time.

In the Results panel, click Save, and select one of the following options:

  • Saved search. You can make a saved query of your search. See Saving Queries for more information.

  • Dashboard widget. If your search is visualized as one of the available widgets, you can save that widget for future use. See Dashboards & Widgets for more information.

  • Scheduled search. You can save a scheduled search that will be invoked at a predefined time interval. If there is a result, the scheduled search will trigger its associated actions. See Scheduled Searches for more information.

  • Alert. You can save a query as an alert (if the type of search is appropriate). See Alerts for more information.

  • Export to File. This option exports the results of the query (everything that is shown in the Results panel) to a local file. See Export Data for more information.
