Define, save, and share a search of log data in Health Log Analytics

  • Release version: Australia
  • Updated Mar 12, 2026
  • 3 min. read
  • Define, save, and share searches of log data to help determine the causes of Log Analytics alerts.

    Before you begin

    Role required: evt_mgmt_operator or evt_mgmt_admin

    Important:
    From the Vancouver release onward, the Operator Workspace is deprecated and replaced with Service Operations Workspace. For the new procedure, see the corresponding topic in the Service Operations Workspace for ITOM documentation: Define, save, and share a search of log data in Health Log Analytics.

    Procedure

    1. Open the Log Viewer tab using one of the following methods:
      • In the Agent Workspace, select the Log Viewer icon.
      • While viewing log entries for an alert on the Surrounding logs tab, select Log Viewer.
      • Navigate to Health Log Analytics > Log Viewer.
    2. Define a search.
      1. Select the selection icon and then select New search.
      2. Set the values of the search parameters in the search fields.
        Table 1. Search fields
        • Query: Search query.
          Tip:
          The Log viewer uses the Elasticsearch search engine, so you can use any supported search term structure in the Query field.
        • Component: Logical component of the service instance that generated the event. Multiple CIs can sometimes perform the same function.
        • Time range: Time range to apply to the X-axis when displaying the returned data. The setting that you specify appears in the Start time and End time fields. Use one of the following methods:
          • Select a time period from the list.
          • Click Custom range to use the date and time picker to specify a range.
          Note:
          You can modify the settings in the Start time and End time fields manually. The selected time range shown in Select range then changes to Custom range. This feature is supported in the Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store.
          Note:
          Saved searches do not include time range settings.
      3. Select Search.

        The system returns the full list of log lines that match the search values. The information is displayed in the Results over time chart.

    3. Optional: Filter the search results that are shown on the Log viewer.
      1. On the right side of the screen, select the filter icon.
      2. On the Filters pane, set filters to display the data you want to see on the Log viewer.
      This feature is supported in the Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store.
    4. Optional: Set a filter for the data you want to see in a single field.
      1. Right-click in a field.
      2. Set a filter to display the data you want to see for that field.
        The most frequently set conditions are listed at the top of the filters list.
      3. Select Apply.
      This feature is supported in the Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store.
    5. Optional: Save the search.
      The saved search includes the selected filters.
      Note:
      Saved searches do not include time range settings.
      1. Select Save As.
      2. In the Search name field, specify a unique and descriptive name for the search and then click Save.
      Note:
      If you are using the Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store, you can define an alert rule without saving the search. For more information, see Add a Log Analytics alert rule in Health Log Analytics.
    6. Optional: Share the saved search with an assignment group.
      1. Select Share.
      2. Select an assignment group from the list.
      3. Select Save.