| title | description | search.appverid | ms.service | ms.subservice | f1.keywords | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic | ms.date | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Rerun queries in query history |
Learn about the query history tab in advanced hunting |
met150 |
defender-xdr |
adv-hunting |
|
maccruz |
schmurky |
medium |
dansimp |
ITPro |
|
reference |
01/02/2024 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
- Microsoft Defender XDR
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Your previous queries appear in the Query history tab in the lower half of the advanced hunting page. You can run queries you have generated and run before even if you have already closed the query tab that contains it.
To view your query history, select the Query history tab.
:::image type="content" source="/defender/media/advanced-hunting-query-history.png" alt-text="Screenshot of the query history pane in advanced hunting" lightbox="/defender/media/advanced-hunting-query-history.png":::
Your recent queries appear in descending order of when you last ran them. The query history contains up to 30 queries from the last 28 days.
By default, Query history contains following columns:
- Time - when the query was started
- Query
- Query time - how long the query ran
- State - whether the query was completed, failed, or was throttled
Select Customize columns to hide any of the columns in your view.
To use any of your previous queries, select the query. The Run query and Use in editor options then appear.
:::image type="content" source="/defender/media/advanced-hunting-query-history-functions.png" alt-text="Screenshot of the query history functions in advanced hunting" lightbox="/defender/media/advanced-hunting-query-history-functions.png":::
Select Run query to load and run the query in the query editor. Select Use in editor to load the query in the editor, where you can then refine it further.