Query History
Monitor query status and stop running queries
The Query History page gives you visibility into what queries are running or recently ran in your Panther instance. It displays the last 30 days of SQL queries run through the Panther Console.
- 1.Log in to the Panther Console.
- 2.In the left sidebar, click Investigate > Query History.
- 3.Click on a query name.
- This will redirect you to Data Explorer, where the query will automatically run. When the query is finished running, you can view the results at the bottom of the page.
In the query history, you'll see the following details:
- A query name or UUID
- The SQL expression it ran or attempted to run
- The query type. The possible query types are:
- Ad-hoc: This is most commonly logged when a user runs a query in Data Explorer.
- Alert Detail and Alert Summary: This is populated when a user looks at details and summary pages of an alert.
- Compaction: A background process for Athena databases.
- Indicator Search (Columns, Details, and Timeline): Queries run during the use of Panther's Indicator Search feature.
- Note: For Indicator Search queries, you can navigate to Indicator Search to run the query there. In Query History, click ... in the upper right corner of the query, then click Open in Indicator Search.
- The timestamp when the query started and stopped.
- The query status: Succeeded, Failed, Cancelled or Running.
- The user or Panther process running the query.
- 1.From the Query History page, click a query name.
- This will redirect you to Data Explorer where the query will automatically run.
- 2.While viewing the running query in Data Explorer, click Cancel below the query.
Note that the Cancel option will only appear on a query that is currently running.
Last modified 6mo ago