
The Search Query Panel user interface includes the following elements:

 

Element | Description
 

Search Options icon

Clicking this icon displays a window with four tabs:

  • Search History – selecting this tab opens a window that displays your recent and popular searches.
  • Saved Searches – selecting this tab opens a window with a listing of the names of the searches that you saved.
  • Simple Search Syntax – selecting this tab opens a window, which lists the syntax that you can use to formulate a simple search.
  • Complex Search Syntax – selecting this tab opens a window, which lists the syntax that you can use to formulate a complex search.

Search Status icon

indicates that the search is in progress; indicates that the search is complete.

Search Query Area for typing a simple or complex search query, or for activating a saved search query.

Clicking this button changes it to the  menu item, which you can click to open a selection of actions that can be performed on the search:

  • Save Search – selecting this item saves the search query in the system.
  • Save Monitor – selecting this item saves the search query as a monitor.
  • Export to PDF – selecting this item saves the search query and results in a PDF file.
Close Augmented Search / Open Augmented Search buttons

By default, the Augmented Search Pane is open. Clicking the Close Augmented Search button closes the pane; clicking the Open Augmented Search button opens the pane.

Time Period

Defines the time period during which the search is to be executed.

Selectable time periods include:

  • The entire time that the log exists: All time
  • Predefined time periods: Last hour, Last 12 hours, Last 24 hours, Last 3 days, Last 7 days, Last 2 weeks, Last 3 weeks, Last 4 weeks, Last 3 months, Last 6 months, Last 12 months
  • Customized time periods: Custom
Clicking this button after typing a search into the Search Query commences the search. 
Note: The Search button does not have to be clicked after entering a saved search or a search from history into the Search Query, changing the time period, or performing an augmented search from the Augmented Search Pane. In these cases, the search is performed automatically.

 Simple Search Syntax

 The following table summarizes the simple search syntax:

 

Type | Description

Boolean 

AND – A and B matches events that contain A and B.

OR – A or B matches events that contain A or B.

NOT – A and NOT (B or C) matches events that contain A but not B or C.

Quotation Marks

Used to get an exact match of a term. Recommended when there is a key word (such as ( ), =, and, or, not, in, *, ?) within a searched term.

Example: "connection(1234) failure" -> returns events with an exact match to connection(1234) failure.

Parentheses

Used to unify a term result or to create precedence within search queries.

Examples:

a or (b in folder.my_folder) -> searches for events that contain a, or events that contain b in sub folders and logs under the folder my_folder.

a or b in folder.my_folder -> searches for events that contain a or b in sub folders and logs under the folder my_folder.

a and b or c -> the keyword and takes precedence; this term is equivalent to (a and b) or c.

a and (b or c) -> b or c is evaluated first; its result is then combined with a using and.

Wildcards

May be placed anywhere in a search term:

*foo, foo*, f*oo, *foo*, *f*o*o* (* represents any characters, 0 or more times)

?oo, fo?, f?o (? represents any character, exactly one time)

Search in a specific log/folder/application/server

Searches for a term in a specified log, folder, application, or server.

Examples:

error in log.my_log -> searches for error only in logs whose name is my_log.
error in log.my* -> searches for error only in logs whose name starts with my.

error in folder.my_folder -> searches for error only in logs under folders whose name is my_folder.
error in folder.my* -> searches for error only in logs under folders whose name starts with my.

error in host.my_host -> searches for error only in logs whose source name is my_host.
error in host.my* -> searches for error only in logs whose source name starts with my.
host.my_host is equivalent to server.my_host.

error in app.my_app -> searches for error only in logs associated with applications whose name is my_app.

error in app.my* -> searches for error only in logs associated with applications whose name starts with my.
app.my_app is equivalent to application.my_app.

Column-based Search

Searches for events that have a specific value in a specific column of the log.

Examples:

column_name=search_value -> searches for events that have a column named column_name whose value is equal to search_value (relevant only for logs that have a column with that name).

column_name=search_value in log.my_log -> searches for events in the log my_log that have a column column_name whose value is equal to search_value (relevant only if the log has a column with that name).

column_name contains search_value -> searches for events that have a column named column_name whose value contains search_value (relevant only to logs that have a column with that name).

column_name contains search_value in log.my_log -> searches for events in the log my_log that have a column column_name whose value contains search_value (relevant only if the log has a column with that name).

 Regular expression search

Searches in events for values represented by regular expressions.

Example:

regexp:\d+ in log.access -> searches for numbers in events, only in logs whose name is access.

 Activate saved search

Activates a search that you previously saved.

search.search_name -> executes the saved search called search_name.
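
An added example (not part of the original page and not the product's implementation): a small Python model of the Boolean, Quotation Marks, Parentheses and Wildcards rows above, run over constructed events to show how precedence and quoting change which events match. Assumptions: bare terms are compared with whole whitespace-separated words, quoted text matches as a substring, keywords are case-insensitive, and not binds tighter than and; all function names are illustrative.

```python
import re

# Constructed sample events (not taken from a real log).
EVENTS = """connection(1234) failure from host-a
login failure by user foo
login success by user food
disk error on volume f1oo""".splitlines()
TOKEN = re.compile(r'"([^"]*)"|([()])|([^\s()"]+)')
PREC = {"or": (1, any), "and": (2, all)}  # page: "and" takes precedence over "or"

def word_pred(term):  # assumption: bare terms match whole whitespace-separated words
    pat = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in term)
    return lambda ev: any(re.fullmatch(pat, w) for w in ev.split())

def tokenize(query):
    for quoted, paren, bare in (m.groups() for m in TOKEN.finditer(query)):
        if quoted is not None:  # quoted text is one literal; keywords inside are inert
            yield "term", lambda ev, q=quoted: q in ev
        elif paren or bare.lower() in ("and", "or", "not"):
            yield (paren or bare).lower(), None
        else:
            yield "term", word_pred(bare)

def unary(tokens):  # assumption: "not" binds tighter than "and"
    kind, pred = tokens.pop(0) if tokens else ("end of query", None)
    if kind == "not":
        return (lambda inner: lambda ev: not inner(ev))(unary(tokens))
    if kind == "(":
        inner = parse(tokens)
        if not tokens or tokens.pop(0)[0] != ")":
            raise ValueError("missing )")
        return inner
    if kind != "term":
        raise ValueError("unexpected " + kind)
    return pred

def parse(tokens, min_prec=1):  # precedence climbing over "and" / "or"
    left = unary(tokens)
    while tokens and PREC.get(tokens[0][0], (0,))[0] >= min_prec:
        prec, fn = PREC[tokens.pop(0)[0]]
        right = parse(tokens, prec + 1)
        left = (lambda l, r, f: lambda ev: f((l(ev), r(ev))))(left, right, fn)
    return left

def search(query, events=EVENTS):
    tokens = list(tokenize(query))
    pred = parse(tokens)
    if tokens:
        raise ValueError("unexpected " + tokens[0][0])
    return [ev for ev in events if pred(ev)]
```

In this model, `search('connection(1234) failure')` raises `ValueError` because the unquoted parentheses are read as grouping, while the quoted form returns the one matching event.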

 

 
