Search queries executed queries run by XpoSearch return the following:
- A graphical presentation of matching events over timeDistribution over , with the ability to see the distribution of events over the multiple log sources
- The matching log events from all relevant logs
Analyzing Graphical Distribution of Search Results
XpoSearch returns a graph that shows the distribution of events over time. You can choose how to display the graph and what to show in the graph. You can also view the distribution of the results in a log, zoom in or out of any time slot, and view the previous or next timeslot.
Defining the Graph
XpoSearch enables you to define what your graph looks like, as well as its contents, using the icons on the Graph Toolbar.
Defining Graph Display
You have the option of displaying your graph as a bar graph (the default) or a line graph. In the bar graph, a bar appears at each point in time where events were found to match your search query. The height of each bar represents the number of events that occurred at the specific time. A bar does not appear at times when no events matching your search query occurred. A line graph shows how the number of events matching the search query changes from one point in time to the next.
To display your graph as a bar graph:
- In the Graph Toolbar, click .
To display your graph as a line graph:
- In the Graph Toolbar, click .
Defining Graph Contents
You have the option of displaying your graph in a split view or a summary view.
Viewing Distribution of Results
Viewing Results in Log
Zooming In/Out of a Timeslot
You can zoom into any timeslot in your graph, so that you can see a more detailed breakdown of events over a smaller period of time. For example, a search executed for a time period of seven days shows the distribution of events that match the search criteria, per day. You can then zoom into any timeslot (day) to see the distribution of events during that day, and you can zoom in further to see the distribution of events in a specific hour on that day. At any point, you can zoom out repeatedly until you reach the graph resulting from the time period that you selected for the search query.
To zoom into a timeslot:
- In the graph, in the timeslot which you want to zoom into, click the zoom in icon .
The zoomed-in timeslot is subdivided into smaller timeslots. The button appears, enabling you to zoom out to the previous display. The time period of the search is automatically changed to Custom.
You can repeatedly click the zoom in icon to see a more detailed distribution of the events.
To zoom out of a timeslot:
- In the graph, click the button.
You can repeatedly click thebutton until the graph is displayed for the time period that you selected for the search query. At this point, the button will no longer appear.
Viewing the Previous/Next Timeslot
You can display the previous or next timeslot directly from the graph.
To display the previous timeslot:
- Below the graph, on the left, click the icon.
To display the next timeslot:
- Below the graph, on the right, click the icon.
Analyzing Search Result Events
Expanding/Collapsing All Events
XpoSearch enables you to view detailed stack trace information of all resulting events, provided that the events have stack traces. This feature makes it possible for you to see the cause of any event. You can also close the stack traces of all events.
To expand all events:
- In the Events toolbar, click the Expand Events icon .
To collapse all events:
- In the Events toolbar, click the Collapse Events icon .
Enabling/Disabling Analytics of All Events
By default, while XpoSearch searches for all events that match your search query, it also performs analytics on all events, colorcoding the fields according to their severity, and displaying the severity of the events. You can disable analytics, so that XpoSearch only performs the search.
To disable analytics of all events:
- In the Events toolbar, click the Disable Analytics icon .
To enable analytics of all events:
- In the Events toolbar, click the Enable Analytics icon .
Viewing the Analytics of an Event
You can view the analytics of any event.
To view the analytics of an event:
- Navigate to the page which contains the event for which you want to open the analytics, and hover over the event.
A menu appears to the right of the event. - In the menu, select Analytics.
The analytics page for this event opens under the Analytics tab, showing . . See for a detailed explanation of this screen.
Viewing an Event in the Log Viewer
You can view any event in the log viewer.
To view an event in the log viewer:
- Navigate to the page which contains the event that you want to view in the log viewer, and hover over the event.
A menu appears to the right of the event. - In the menu, select Log Viewer.
A notification box opens, informing that the system is loading the log. The Export to PDF notification box appears if pop-ups are blocked. If so, click Continue.
The Log Viewer opens under the XpoLog tab, showing . . See for a detailed explanation of this screen.
Navigating to a Page of Events
You can navigate to any page of search results.
To navigate to a page of events:
- In the Events Summary Panel, in the Page Selection Area, click the and icons to display the previous/next event page numbers, until the page number that you want to view appears.
- Click the page number.
The events on that page are displayed in the Search Results Area.
Setting the Number of Events Per Page
By default, 25 events are displayed per page. Instead, you can set the system to display either 10,50, or 100 events per page.
To set the number of events per page:
- In the Events Summary Panel, in the Event Number per Page textbox, select from the dropdown list the number of events to display per page.
- A summary panel of the search results, with the ability to set the number of results per page and navigate to any page
- For a simple search – the matching log events from all relevant logs
- For a complex search – a table that summarizes the results of the complex search