...
Type | Description |
---|---|
Boolean | AND – A and B match events that contain A and B. OR – A or B match events that contain A or B. NOT – A and NOT (B or C) match events that contain A but not B or C C. |
Quotation Marks | Used to get an exact match of a term. Recommended when there is a key word (such as ( ), =, and, or, not, in, *, ?) within a searched term. Example: "connection(1234) failure" -> returns events with an exact match to connection(1234) failure. |
Parentheses | Used to unify a term result or to create precedence within search queries. Examples: a or (b in folder.my_folder) -> search for events that contain a, or events that contain b in sub folders and logs under the folder my_folder. |
Graph Area | Displays a graphic distribution of the events resulting from the search query. |
Wildcards | May be placed anywhere in a search term: * – *foo, foo*, f*oo, *foo*, *f*o*o* (* represents any characters, 0 or more times) ? – ?oo, fo?, f? o (? represents any character, exactly one time) |
Search in specific log/folder/application/server | Search for a term in a specified log, folder, application, or server. Examples: error in log.my_log -> search for error only in logs whose name is my_log. error in app.my* -> search for error only in logs associated to applications whose name starts with my. |
Comparison Search (in a specific log column) | Search for events that have a specific column of a specific value. Examples: column_name=search_value -> search for events that have a column named column_name whose value equals search_value (relevant only for logs that have a column with that name). |
Activate saved search | Activate a search that you previously saved. search.search_name -> execute the saved search called search_name. |
...