Query History
Monitor query status and stop running queries
The Query History page gives you visibility into what queries are running or recently ran in your Panther instance. It displays the last 30 days of SQL queries run through the Panther Console.
Log in to the Panther Console.
In the left sidebar, click Investigate > Query History.
Click on a query name.
This will redirect you to Data Explorer, where the query will automatically run. When the query is finished running, you can view the results at the bottom of the page.
In the query history, you'll see the following details:
A query name or UUID
The SQL expression it ran or attempted to run
The query type. The possible query types are:
Ad-hoc: This is most commonly logged when a user runs a query in Data Explorer.
Alert Detail and Alert Summary: This is populated when a user looks at details and summary pages of an alert.
Compaction: A background process for Athena databases.
Scheduled: A , run by the database-specific API.
Indicator Search (Columns, Details, and Timeline): Queries run during the use of Panther's feature.
Note: For Indicator Search queries, you can navigate to Indicator Search to run the query there. In Query History, click ... in the upper right corner of the query, then click Open in Indicator Search.
The timestamp when the query started and stopped.
The query status: Succeeded, Failed, Cancelled or Running.
The user or Panther process running the query.
From the Query History page, click a query name.
This will redirect you to Data Explorer where the query will automatically run.
While viewing the running query in Data Explorer, click Cancel below the query.
Note that the Cancel option will only appear on a query that is currently running.