Page Comparison

Boolean 

AND – A and B match events that contain A and B.

OR – A or B match events that contain A or B.

NOT – A and NOT (B or C) match events that contain A but not B or C. 

Used to get an exact match of a term. Recommended when there is a key word (such as ( ), =, and, or, not, in, *, ?) within a searched term.

Example: "connection(1234) failure" -> returns events with an exact match to connection(1234) failure.

Used to unify a term result or to create precedence within search queries.

Examples:

a or (b in folder.my_folder) -> search for events that contain a, or events that contain b in sub folders and logs under the folder my_folder.

a or b in folder.my_folder -> search for events that contain a or b in sub folders and logs under the folder my_folder.

a and b or c -> precedence to the key word and, this term is equivalent to (a and b) or c.

a and (b or c) -> precedence to b or c;  its result and a.

Search Searches for a term in a specified log, folder, application, or server.

Examples:

error in log.my_log -> search for error only in logs whose name is my_log.
error in log.my* -> search for error only in logs whose name starts with my.

error in folder.my_folder -> search for error only in logs under folders whose name is my_folder.
error in folder.my* -> search for error only in logs under folders whose name starts with my.

error in host.my_host -> search for error only in logs whose source name is my_host.
error in host.my* -> search for error only in logs whose source name starts with my.
host.my_host is equivalent to server.my_host.

error in app.my_app -> search for error only in logs associated to applications whose name is my_app.

error in app.my* -> search for error only in logs associated to applications whose name starts with my.
app.my_app is equivalent to application.my_app.

Search Searches for events that have a specific value in a specific column of the log.

Examples:

column_name=search_value -> search for events that have a column named column_name whose value is equal to search_value (relevant only for logs that have a column with that name).

column_name=search_value in log.my_log -> search for events in the log my_log that have a column column_name whose value is equal  to search_value (relevant only if the log has a column with that name).

column_name contains search_value -> search for events that have a column named column_name whose value contains search_value (relevant only to logs that have a column with that name).

column_name contains search_value in log.my_log -> search for events in the log my_log, which have a column column_name whose value contains  search_value (relevant only if the log has a column with that name).

Searches in events for values represented by regular expressions.

Example:

regexp:\d+ in log.access -> search for numbers in events.

Activate Activates a search that you previously saved.

search.search_name -> execute the saved search called search_name.