Skip to content

Commit 70e00c1

Browse files
guywi-msguywi-ms
authored
Update search-jobs.md
1 parent 9e4eb6d commit 70e00c1

File tree

1 file changed

+7
-9
lines changed

1 file changed

+7
-9
lines changed

articles/sentinel/search-jobs.md

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,23 @@
11
---
2-
title: Search across long time spans in large datasets - Microsoft Sentinel
2+
title: Search for specific events across large datasets in Microsoft Sentinel
33
description: Learn how to use search jobs to search large datasets.
4-
author: austinmccollum
4+
author: guywi-ms
55
ms.topic: how-to
6-
ms.date: 03/07/2024
7-
ms.author: austinmc
6+
ms.date: 03/06/2025
7+
ms.author: guywild
88
appliesto:
99
- Microsoft Sentinel in the Microsoft Defender portal
1010
- Microsoft Sentinel in the Azure portal
1111
ms.collection: usx-security
1212

1313

14-
#Customer intent: As a security analyst, I want to search and analyze historical log data across large datasets so that I can investigate and identify specific events.
14+
#Customer intent: As a security analyst, I want to search through historical log data in a specific table so that I can find and analyze specific events.
1515

1616
---
1717

18-
# Search across long time spans in large datasets
18+
# Search for specific events across large datasets in Microsoft Sentinel
1919

20-
Use a search job when you start an investigation to find specific events in logs up to seven years ago. You can search events across all your logs, including events in Analytics, Basic, and Archived log plans. Filter and look for events that match your criteria.
21-
22-
- For more information on search job concepts and limitations, see [Start an investigation by searching large datasets](investigate-large-datasets.md) and [Search jobs in Azure Monitor](/azure/azure-monitor/logs/search-jobs).
20+
Use a search job when you start an investigation to scan through up to a year of data for specific events. You can a run search job on any table, including tables with the Analytics, Basic, and Auxiliary log plans. The search job sends its results to a new Analytics table in the same workspace as the source data. This article explains how to run a search job in Microsoft Sentinel and how to work with the search job results.
2321

2422
- Search jobs across certain data sets might incur extra charges. For more information, see [Microsoft Sentinel pricing page](billing.md).
2523

0 commit comments

Comments
 (0)