Search History

Monitor search status and stop running searches

The Search History page gives you visibility into what queries are running or recently ran in your Panther instance. It displays the last 30 days of searches run in the Panther Console.

How to access Search History

In the left-hand navigation bar of your Panther Console, click Investigate > Search History.
Click on a search name.
- This will redirect you to Data Explorer or Search, where the query will automatically run. When the search is finished running, you can view the results at the bottom of the page.

Details included in Search History

In the search history, you'll see the following details:

A search name or UUID
The SQL expression it ran or attempted to run
The search type. The possible search types are:
- Ad Hoc: This is most commonly logged when a user runs a query in Data Explorer.
- Scheduled: A Scheduled Search, run by the database-specific API.
- Alert Detail and Alert Summary: This is populated when a user looks at details and summary pages of an alert.
- Compaction: A background process for Athena databases.
- Search: Searches run in the Search tool.
The timestamp when the query started and stopped.
The query status: Succeeded, Failed, Cancelled or Running.
The user or Panther process running the query.

How to cancel a running search

From the Search History page, click a query name.
- This will redirect you to Data Explorer where the query will automatically run.
While viewing the running query in Data Explorer, click Cancel below the query.

Note that the Cancel option will only appear on a query that is currently running.

PreviousScheduled Search Examples NextData Lakes

Last updated 6 months ago