Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The following table describes the user interface of the Simple Search Results Area:

Element

Description

Search Results Summary Panel

A panel that summarizes the results of the search, and provides navigation to the result event pages.

Events Toolbar

Includes icons for expanding/collapsing events and for disabling/enabling Analytics.

Events Area

A list of the events that match the search query.

Search Results Summary Panel

The Search Results Summary Panel includes the following details:

Element

Description

Search Summary

In the case of a simple search, displays the number of matching log events, the number of source logs of these events, and the period of time searched.

In the case of a complex search, displays the number of results in the table, the number of events that the results are based on, the number of source logs of these events, and the period of time searched.  

Image Modified

Previous matching events icon.

Clicking this icon displays in the Result Page Navigation Area, the numbers of the previous ten pages, and displays the first of these pages in the Search Results Area.

Image Modified

Next matching events icon.

Clicking this icon displays in the Result Page Navigation Area the numbers of the next ten pages, and displays the first of these pages in the Search Results Area.

Results Page Navigation Area 

Displays the page numbers of up to ten pages of results. You can display the previous/next ten page numbers, by clicking the Image Modified/Image Modified icons.

Clicking a page number displays that page of results in the Search Results Area. The current page number is highlighted in white.

Events Toolbar

The Events Toolbar includes the following elements:

 

Element

Description

Image Removed/Image Removed

Image Added

Expand all Events / Collapse all Events icons.

Clicking

the Image Removed icon

the icon expands all events to display all their column names and respective

values; clicking the Image Removed icon collapses all events to show only some of the column names and respective

values.

Image Removed/Image Removed

Disable Analytics / Enable Analytics icons.

Clicking the Image Removed  icon disables Analytics for all events; clicking the Image Removed  icon enables Analytics for all events.

Events Area

The Events Area includes a list of events resulting from the search, where each event contains the following elements:

Element

Description

Event timestamp

The date and time that the event occurred, in the format MM/DD/YYYY HH:MM:SS

Analytics layer

If Analytics is active, colors the fonts of the column values that Analytics detects as problematic, according to the following color-coding:

  • Red – high severity problem

  • Orange – medium severity problem

  • Yellow – low severity problem

Under the timestamp, displays the severity of the most severe column value detected by Analytics in the event: high, medium, low, or none.

Event structure

The structure of the event, including its column names and respective column text, in the format ([COLUMN_NAME] COLUMN_TEXT).

Event source fields

Shows the source of the event – the log, server, and/or applications which generated the event. Mouse over on the log source indicator [Log] presents the full path of the source log that this message originates from.

Image Removed
Image Added

Expand Event icon.

Appears at the end of an event that can be expanded to show all its column names and respective values. 

Clicking

the Image Removed icon

the icon expands the event to display all its column names and respective values

, and changes the icon to the Collapse Event icon Image Removed, so that it can be shortened at a later time

.

Mouse Over Options

Mouse over on search results (and columns names) presents two optional action:

Image Removed

Search Actions - Clicking this icon presents a list of possible search actions on the highlighted phrase: append to current search using AND, append to current search using OR, excluding from current search, replacing the current search.

Image Removed Data Markers - Clicking this icon presents colors to be selected in order to mark the highlighted phrase: