Use or modify a saved log data search in Health Log Analytics

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 2 Minuten Lesedauer

    • Use a saved search of log data to better understand the causes of an alert. As the owner of a saved search, you can modify the search values and save your changes.

    Vorbereitungen

    Role required: evt_mgmt_operator or evt_mgmt_admin

    If you are not the owner of the saved search, save the search with a different name. You can then update search values, save your changes, and share the search with others.

    Wichtig:
    From the Vancouver release onward, the Operator Workspace is deprecated and replaced with Service Operations Workspace. For the new procedure, see the corresponding topic in the Service Operations Workspace for ITOM documentation: Use or modify a saved log data search in Health Log Analytics.

    Prozedur

    1. Open the Log Viewer tab using one of the following methods:
      • In the Agent Workspace, select the Log Viewer icon (Log Viewer icon).
      • While viewing log entries for an alert on the Surrounding logs tab, select Log Viewer.
      • Navigate to Health Log Analytics > Log Viewer.
    2. Use a saved search.
      1. Select the selection icon (Selection icon.) and then select Load search.
      2. In the Load search dialog box, click the name of the search to load.
      The system returns the full list of log lines that match the search values and displays the information in the Results over time chart.
    3. Wahlweise: Update the saved search.
      1. Select the selection icon (Selection icon.) and then select Manage my searches.
      2. Modify the settings.
        Tabelle : 1. Manage my searches form
        Field Description
        Name Name of the saved search.
        Query Search query.

        The Log viewer uses the Elasticsearch search engine, so you can use any supported search term structure in the Query field.
        Assignment group Assignment groups that can access the search. The members of the groups can use the search.
        Filter Column filter in standard format (field1=value1, field2=value2, field3=value3, ...).
        Updated Date and time the search was updated.

        This feature is supported in the Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store.

        To revert changes you have made to the search values, select the selection icon (Selection icon.) and then select Discard changes. The changes that you made to the search values are discarded. You can continue to update the search settings.

      3. Save the updated search.
        1. Select Save As.
        2. In the Search name field, specify a unique and descriptive name for the search and then click Save.