indicates that the search is in progress; indicates that the search is complete.

Opens a menu, which provides the following actions that can be performed on the search:

• Save Search – selecting this item saves the search query in the system.
• Save Monitor – selecting this item saves the search query as a monitor.
• Export to PDF – selecting this item saves the search query and results in a PDF file.

Clicking this icon displays a window with four tabs:

• Search History – selecting this tab opens a window that displays your recent and popular searches.
• Saved Searches – selecting this tab opens a window with a listing of the names of the searches that you saved.
• Simple Search Syntax – this tab is open when the window is displayed; it lists the syntax that you can use to formulate a simple search.
• Complex Search Syntax – selecting this tab opens a window which lists the syntax that you can use to formulate a complex search.

Enables searching for events that occurred in a specific time period.

Selectable time periods include:

• The entire time that the log exists: All time
• Predefined time periods: Last hour, Last 12 hours, Last 24 hours, Last 3 days, Last 7 days, Last 2 weeks, Last 3 weeks, Last 4 weeks, Last 3 months, Last 6 months, Last 12 months
• Customized time periods: Custom. 

Boolean 

AND – A and B match events that contain A and B.

OR – A or B match events that contain A or B.

NOT – A and NOT (B or C) match events that contain A but not B or C. 

Used to get an exact match of a term. Recommended when there is a key word (such as ( ), =, and, or, not, in, *, ?) within a searched term.

Example: "connection(1234) failure" -> returns events with an exact match to connection(1234) failure.

Used to unify a term result or to create precedence within search queries.

Examples:

a or (b in folder.my_folder) -> search for events that contain a, or events that contain b in sub folders and logs under the folder my_folder.

a or b in folder.my_folder -> search for events that contain a or b in sub folders and logs under the folder my_folder.

a and b or c -> precedence to the key word and, this term is equivalent to (a and b) or c.

a and (b or c) -> precedence to b or c;  its result and a.

Search for a term in a specified log, folder, application, or server.

Examples:

error in log.my_log -> search for error only in logs whose name is my_log.
error in log.my* -> search for error only in logs whose name starts with my.

error in folder.my_folder -> search for error only in logs under folders whose name is my_folder.
error in folder.my* -> search for error only in logs under folders whose name starts with my.

error in host.my_host -> search for error only in logs whose source name is my_host.
error in host.my* -> search for error only in logs whose source name starts with my.
host.my_host is equivalent to server.my_host.

error in app.my_app -> search for error only in logs associated to applications whose name is my_app.

error in app.my* -> search for error only in logs associated to applications whose name starts with my.
app.my_app is equivalent to application.my_app.

Search for events that have a specific column of a specific value.

Examples:

column_name=search_value -> search for events that have a column named column_name whose value equals search_value (relevant only for logs that have a column with that name).

column_name=search_value in log.my_log -> search for events in the log my_log that have a column column_name whose value equal  to search_value (relevant only if the log has a column with that name).

column_name contains search_value -> search for events that have a column named column_name whose value contains search_value (relevant only to logs that have a column with that name).

column_name contains search_value in log.my_log -> search for events in the log my_log which have a column column_name whose value contains the search_value (relevant only if the log has a column with that name).

Activate a search that you previously saved.

search.search_name -> execute the saved search called search_name.