Skip to content

Commit 5cd7c43

Browse files
guywi-msguywi-ms
committed
Update search-jobs.md
1 parent 70e00c1 commit 5cd7c43

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

articles/sentinel/search-jobs.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,9 @@ ms.collection: usx-security
1717

1818
# Search for specific events across large datasets in Microsoft Sentinel
1919

20-
Use a search job when you start an investigation to scan through up to a year of data for specific events. You can a run search job on any table, including tables with the Analytics, Basic, and Auxiliary log plans. The search job sends its results to a new Analytics table in the same workspace as the source data. This article explains how to run a search job in Microsoft Sentinel and how to work with the search job results.
20+
Use a search job when you start an investigation to scan through up to a year of data in a table for specific events. You can a run search job on any table, including tables with the Analytics, Basic, and Auxiliary log plans. The search job sends its results to a new Analytics table in the same workspace as the source data. This article explains how to run a search job in Microsoft Sentinel and how to work with the search job results.
2121

22-
- Search jobs across certain data sets might incur extra charges. For more information, see [Microsoft Sentinel pricing page](billing.md).
22+
Search jobs across certain data sets might incur extra charges. For more information, see [Microsoft Sentinel pricing page](billing.md).
2323

2424
[!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
2525

@@ -49,7 +49,7 @@ Go to **Search** in Microsoft Sentinel from the Azure portal or the Microsoft De
4949

5050
:::image type="content" source="media/search-jobs/search-job-advanced-kql-ellipsis.png" alt-text="Screenshot of KQL editor with revised search with ellipsis highlighted for Search job mode." lightbox="media/search-jobs/search-job-advanced-kql-ellipsis.png":::
5151

52-
1. Specify the search job date range using the **Time range** selector. Don't include a time range in your KQL query as it is ignored.
52+
1. Specify the search job date range using the **Time range** selector. If your query also specifies a time range, Microsoft Sentinel runs the search job on the union of the time ranges.
5353

5454
1. Resolve any KQL issues indicated by a squiggly red line in the editor.
5555

0 commit comments

Comments
 (0)