Define, save, and share a search of log data in Health Log Analytics

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 2 minutes de lecture

    • Define, save, and share searches of log data to help determine the causes of Log Analytics alerts.

    Avant de commencer

    Role required: evt_mgmt_operator or evt_mgmt_admin

    Procédure

    1. Open the Log Viewer using one of the following methods:
      • Navigate to Workspaces > Service Operations Workspace and select the Log Viewer icon (Log Viewer icon.).
      • While viewing log entries for an alert on the Surrounding logs tab, select Log Viewer.
    2. Define a search.
      1. Select the selection icon (Selection icon.) and then select New search.
      2. Set the values of the search parameters in the search fields.
        Tableau 1. Search fields
        Search field Description
        Query Search query.
        Conseil :
        The Log viewer uses the Elasticsearch search engine, so you can use any supported search term structure in the Query field.
        Component Logical component of the service instance that generated the event. Multiple CIs can sometimes perform the same function.
        Time range Time range to apply to the X-axis when displaying the returned data. The setting that you specify appears in the Start time and End time fields. Use one of the following methods:
        • Select a time period from the list.
        • Click Custom range to use the date and time picker to specify a range.
        Remarque :
        You can modify the settings in the Start time and End time fields manually. The selected time range shown in Select range then changes to Custom range. This feature is supported in the Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store.
        Remarque :
        Saved searches do not include time range settings.
      3. Select Search.

        The system returns the full list of log lines that match the search values. The information is displayed in the Results over time chart.

    3. Facultatif : Save the search.
      The saved search includes any selected filters. For information about filters, see Filter search results on the Log Viewer in Health Log Analytics.
      Remarque :
      Saved searches do not include time range settings.
      1. Select Save As.
      2. In the Search name field, specify a unique and descriptive name for the search and then click Save.
      Remarque :
      If you are using Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store , you can define an alert rule without saving the search. For more information, see Add a Log Analytics alert rule in Health Log Analytics.
    4. Facultatif : Share the saved search with an assignment group.
      1. Select Share.
      2. Select an assignment group from the list.
      3. Select Save.