Image Added

Open the Search Options window icon

Clicking this icon displays a window with four links:

• Search History – Clicking this link opens a window that displays your recent and popular searches.

• Saved Searches – Clicking this link opens a window with a listing of the names of the searches that you saved.

• Simple Search Syntax – Clicking this link opens a window, which lists the syntax that you can use to formulate a simple search.

• Complex Search Syntax – Clicking this link opens a window, which lists the syntax that you can use to formulate a complex search.

It also includes a Close icon for closing the Search Options window.

Auto-complete section

Image Added

When typing a query, the auto-complete section opens. The left side provides suggestions on relevant syntax and sources to run the search on. The right side presents Search History and Saved Searches available for selection.

Image Added / Image Added

Search Status icon

Image Addedindicates that the search is in progress;

Image Addedindicates that the search is complete.

Search Query

Area for typing a simple or complex search query, or for activating a saved search query. This section will dynamically be expanded when long queries are typed.

Actions

Image Added 
Action items are presented below the search query panel after a search has completed. You can click an action that can be performed on the search query:

• Save Search – 

• Selecting this item saves the search query in the system.

• Save Widget – Selecting this item saves the search query as a widget.

• Save Monitor – 

• Selecting this item saves the search query as a monitor.

• Export to PDF/CSV – 

• Selecting this item saves the search query and results in a PDF/CSV file.

Image Added 

/ Image Added

Close Augmented Search / Open Augmented Search buttons.
By default, the Augmented Search Pane is open. Clicking the 

Image Added

 button closes the pane; clicking the 

Image Added

 button opens the pane.

Time Period

Defines the time period during which the search is to be run.

Selectable time periods include:

• The entire time that the log exists: All Time

• Predefined time periods: Today, Yesterday, This Week, Last Week, Last 15/30/60 Minutes, Last 3/12/24 hours, Last 7/14 days, Last 1/3 months

• Live: Real time search mode will be activated and new records, that match the search criteria will be loaded to the screen (see below)

• Customized time periods: Custom. 

Live Search

XpoLog Search provides Live mode search (near real time). The Live mode may be activated by selecting it from the list of time period options. Once selected the graph area will be cleared and a red button

Image Added

will be presented to indicate Live is active. New records which matches the query criteria will be loaded to the screen every few seconds.

Clicking this button after typing a search into the Search Query commences the search. 
While a search is being executed the pause button will be presented Image Added click it to pause the search and then resume to continue the search Image Added

Note: The Search button does not have to be clicked after entering a saved search or a search from history into the Search Query, changing the time period, or performing an augmented search from the Augmented Search Pane. In these cases, the search runs automatically.

Boolean 

AND – A and B

matches events that contain A and B.

OR –

A or B

matches events that contain

A or B.

NOT – A and NOT (B or C)

matches events that contain

A but not B or C. 

Quotation Marks

Used to get an exact match of a term. Recommended when there is a key word (such as ( ), =, and, or, not, in, *, ?) within a searched term.

Example: "connection(1234) failure" -> returns events with an exact match to connection(1234) failure.

Parentheses

Used to unify a term result or to create precedence within search queries.

Examples:

a or (b in folder.my_folder) ->

searches for events that contain a, or events that contain b in sub folders and logs under the folder my_folder.

a or b in folder.my_folder ->

searches for events that contain a or b in sub folders and logs under the folder my_folder.

a and b or c -> precedence to the key word and, this term is equivalent to (a and b) or c.

a and (b or c) -> precedence to b or c;  its result and a.

 Wildcards

May be placed anywhere in a search term:

* – *foo, foo*, f*oo, *foo*, *f*o*o* (* represents any characters, 0 or more times)

? – ?oo, fo?, f? o (? represents any character, exactly one time)

Search in a specific log/folder/application/server

Searches for a term in a specified log, folder, application, or server.

Examples:

error in log.my_log ->

searches for error only in logs whose name is my_log.
error in log.my* ->

searches for error only in logs whose name starts with my.

error in folder.my_folder ->

searches for error only in logs under folders whose name is my_folder.
error in folder.my* ->

searches for error only in logs under folders whose name starts with my.

error in host.my_host ->

searches for error only in logs whose source name is my_host.
error in host.my* ->

searches for error only in logs whose source name starts with my.
host.my_host is equivalent to server.my_host.

error in app.my_app ->

searches for error only in logs associated to applications whose name is my_app.

error in app.my* ->

searches for error only in logs associated to applications whose name starts with my.
app.my_app is equivalent to application.my_app.

Column-based Search

Searches for events that have a specific value in a specific column of

the log.

Examples:

column_name=search_value ->

searches for events that have a column named column_name whose value

is equal to search_value (relevant only for logs that have a column with that name).

column_name=search_value in log.my_log ->

searches for events in the log my_log that have a column column_name whose value is equal  to search_value (relevant only if the log has a column with that name).

column_name contains search_value ->

searches for events that have a column named column_name whose value contains search_value (relevant only to logs that have a column with that name).

column_name contains search_value in log.my_log ->

searches for events in the log my_log, which have a column column_name whose value

contains  search_value (relevant only if the log has a column with that name).

 Regular expression search

Searches in events for values represented by regular expressions.

Example:

regexp:\d+ in log.access -> searches for numbers in events.

 Activate saved search

Activates a search that you previously saved.

search.search_name ->

runs the saved search called search_name.