Scheduled Queries

You can schedule search queries to run at a selected time and frequency.

You can create a schedule to run the Advanced Search queries at the required time intervals and have the reports sent as email attachments.

Note: Only SQL and EQL queries are supported.

You can view a list of scheduled queries from any of the following locations:

By clicking Search > Advanced Search > > Show Scheduled Queries
Note: This option is disabled if there is no text in the search field.
By navigating to the Management > Advanced Features > Queries > Scheduled page

From the Scheduled Queries page, you can:

View a list of scheduled queries.
Click a query to open the Details pane that displays more information about the query.
Create, update, or delete a scheduled query.
Configure multiple schedules to execute the query and save its reports.
Enable or disable query schedules:
- To enable or disable selected schedules, click the toggle button next to the schedule name.
- To disable all schedules, click the toggle button next to the title Schedules.
Download the search results or send the results as email attachments. For more information, see Configuring Query Schedules.