Click on the “Forwarder Awareness Searches” tab of the Forwarder Awareness app at the top ribbon. This will open a new tab.
The table within this tab displays searches, reports, and alerts by name, type, next scheduled time, display view, owner, app, number of alerts, sharing, and enablement status.
To view details of your searches, click the name of the search. This will open a pop-up window entitled “Edit Search” displaying the search title, description, search query in SPL, and time fields. Users may edit the search from this window or click “Edit > Edit Search” on the table to open the same window.
The “Actions” column allows users to edit various aspects of the search as well as to clone and embed the search.
Click on “Run” in the “Actions” column to run the search. This will open the search in a new tab.
To create a new report, click on the “New Report” button at the top right of the “Searches, Reports, and Alerts” page. This will open a pop-up window.
The window that appears, entitled “Create Report,” will prompt users to type in a title, optional description, search query, optional earliest time, and optional latest time. Select an app from the dropdown menu. Click either the “Yes” or “No” button for “Time Range Picker”. Click the green “Save” button at the bottom right of the window to save the report.
To create a new alert, click the “New Alert” button at the top right of the page. This will open a pop-up window.
The window that appears, entitled “Create Alert,” will prompt users to type in a title, optional description, and search query. Select an app from the dropdown menu and set permissions and alert type using the buttons. Users can specify between a scheduled alert, which will prompt an interval selection, and a real-time alert. Choose an expiration window for each.
Users may need to scroll to reveal all options in the “Create Alert” window. Use the buttons to select trigger conditions and add optional trigger actions using the dropdown menu. Click the green “Save” button in the bottom right of the window to save the alert.
