Schedule a Background Search in the Event Viewer

You can schedule a recurring query to run in the background from the event viewer page. Searches can only be scheduled for historical events. You can modify or cancel a scheduled search at any time. You can also modify an existing query to make it a recurring search.

Note

You can opt to receive alerts when a search has started, completed, or failed.

Use the following steps to create a scheduled background search:

Procedure


Step 1

In the navigation bar, choose Analytics > Event Logging.

Step 2

Click the Historical toggle to select it. You can only schedule a background search for historical events.

Step 3

In the search bar, type the search expression. Click the Search drop-down button and choose Search in background.

Step 4

(Optional) Rename the search.

Step 5

The Search Now checkbox is checked by default. When checked, the search starts upon saving; if unchecked, the background query runs only as a future search.

Step 6

Check the Setup recurring schedule checkbox and configure the following settings:

  • Search Logs for the Last - How far back the search should look through the logs.

  • Frequency - How often the scheduled search should run.

Step 7

Confirm the scheduled search criteria at the bottom of the window. Select Schedule and Search Now. Alternatively, if you did not opt for the search to start immediately, the button reads Schedule Search.


What to do next

Results from a scheduled background search are available for review for up to 7 days before CDO automatically deletes them.

Copyright © 2024, Cisco Systems, Inc. All rights reserved.