Available only when ArcSight Recon is deployed in your environment
To reduce the time required to create and manage searches, configure Search to use your preferred settings. You can always override your preferences as needed when you create a search. When you modify your Search preferences, the changes apply to new searches. Existing searches are not affected unless you re-run the search.
Specifies the fieldset you regularly use for a search. The default value is Base Event Fields.
Specifies if the Events Table displays results in the Grid View or Raw View. The default value is Grid View.
Instructs Search to adjust the timestamp for events to the chosen time zone.
Specifies the format of dates and times you want Search to use. The default is YYYY/MM/DD.
Specifies the time range you want Search to find events. The default is Last 30 minutes.
Specifies the timestamp Recon associates with the event you want to find.
Specifies how often you want searches to expire, and thus Recon to remove them from the system. Alternatively, you can choose to never remove a search.
Also, the expiration date resets whenever you access the search. Resetting the date includes resuming or re-running the search, as well as saving the search.
Specifies the maximum number of events Search returns. Search considers a search complete when the results reach the maximum limit.
Specifies whether Search uses color to differentiate the syntax terms from the operators and functions within the query.