You can perform a complex search to view a summary of the counts of all events that answer specific criteria, as opposed to the simple search, where you view each and every event that answers the search criteria. Complex search queries can be run on search results for advanced computation and reporting on matching log events.
During a simple search, XpoLog extracts all the fields from the events and displays in the Augmented Search Pane, under Interesting Fields, what it finds to be the most interesting fields: the ten fields that appear most often. You can run a complex search on the results of the simple search by clicking any of these interesting fields and selecting one of the available functions that can be performed on the field.
The results of a complex search are presented in tabular format, as opposed to the simple search, which displays each and every event that meets the search criteria.
The default complex search that is triggered by selecting a field is based on the search query that was executed, grouping the search results by the selected interesting field.
To perform a complex search:
In the Augmented Search Pane, under Interesting Fields, choose a field to include in your complex search. At the bottom of the list, you can click Load more to choose from other interesting fields.
A menu of functions that can be performed on the field is displayed.
From the menu, select the function to perform on the interesting field.
The search query is automatically updated, transforming the simple search to a complex search, and the search runs, displaying a result summary table.
Alternatively, you can type a complex search query into the Search Query Panel (see Complex Search Syntax Reference).