The execution of a Simple Search generates all events that match the search query, up to the maximum number of events allowed by the system. You can view the analytics of any event, and view the event in a log viewer. You also have a choice of expanding
The following is displayed for each event:
- The timestamp of the event, i.e. the date and time that the event occurred
- The overall severity of the event (colorcoded, high, medium, low, or none) (provided that Analytics is enabled)
- The fields and field values of the event
- The log, host, and applications of the event.
The text that you searched for is highlighted in yellow, and the font of the text is colored according to the severity of the text in the event, provided that analytics is enabled (the system default):
- Red – high severity problem
- Orange – medium severity problem
- Yellow – low severity problem
- Green – no problem found
Hovering over any event displays a menu which enables you to open the analytics of the event, or view the event in the log viewer.
You also have the option to expand all events to see their stack traces, and disabling to disable the analytics of all events (which is normally enabled).
Expanding/Collapsing All Events
...
By default, while XpoSearch searches for all events that match your search query, it also performs analytics on all events, colorcoding color-coding the fields according to their severity, and displaying the severity of the events, and suggesting additional potentially problematic fields from the events. You can disable analytics, so that XpoSearch only performs the search.
...