Overview

Searches are conducted over log information from different systems. The system automatically normalizes, to some extent, the data coming from different sources. Common use cases for search:

  • Search drill-down on a time interval

Data enters your IT infrastructure from various sources at all times. This data is of all types, including performance data and statistics, traps and alerts, log files, configurations, scripts and messages, and it comes from your logs, folders, applications, network devices, database tables, and servers.

XpoLog indexes all of this data in real time, then structures and normalizes it, both raw and rich, into a single database with a uniform format.

XpoLog provides a search engine, XpoSearch, which lets you search this immense amount of data for anything you like. You search from the single XpoSearch search console, which covers all the logs in XpoLog Center (applications, servers, network devices, database tables, and more).

Search Types

XpoSearch provides two main types of searches:

  • Initial search – a simple search
  • Complex search – an advanced search

Initial Search

In the initial search, you enter a string of simple criteria as the search query, which is run against all the event data. In this simple search, you can search the event data for one or more simple terms, or perform a Boolean search, a search with wildcards, or a comparison search.

The execution of the search query returns a list of all matching events from all relevant logs (latest on top). In addition, XpoSearch returns a graphical view of the distribution of the matching events over time and per data source.

You can refine this simple search by doing either or both of the following:

  • Performing a Filtered Search – filtering the resulting events according to the source of the event: logs, files, applications, or servers.
  • Performing a Refined Search – adding one of the event data fields, discovered during the simple search, to the search criteria of the simple search.

Complex Search

Complex search queries perform advanced operations and reporting on the log events that result from a simple search. Executing a complex search query produces a summary table, and the results can also be visualized as gadgets in XpoLog Dashboards.