{"type":"doc","content":[{"type":"paragraph","content":[{"text":"XpoSearch enables you to retrieve specific events from indexed event logs, by creating a search query using the XpoSearch search syntax, and then running the search. This is an extremely useful tool for investigating the cause of problems in your system. Also, you can limit any search to events that occurred during a specific time period. ","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Selecting the Search Time Period","type":"text"}]},{"type":"paragraph","content":[{"text":"Time plays a very important role in the examination of the cause of a system problem. ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]},{"type":"paragraph","content":[{"text":"Although you can run a search on events that occurred at any time, this wastes system resources, and usually results in an overwhelming number of events that are difficult for you to manage and analyze.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]},{"type":"paragraph","content":[{"text":"Therefore, XpoSearch enables you to run a search on a specific time period, so that you can narrow your results, and facilitate determining the root cause of the problem. You can select a predefined time period, or customize the time period by selecting the start and end dates and times of the time period.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"To select the time period of the search:","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the Search Query Panel, in the Search Time Range textbox, click the down arrow","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.migration","extensionKey":"inline-media-image","parameters":{"width":"","id":"d20bed0b-794c-4039-8b46-c769fe074c34","collection":"contentId-1594130424","height":""}}},{"text":".","type":"text"},{"type":"hardBreak"},{"text":"A list of selectable time periods opens.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"From the list of time periods, select a predefined time period (","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"All Time ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":"(all times in the log), ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 15 Minutes","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 30 Minutes","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 60 Minutes","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 3 Hours","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 12 Hours","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 24 Hours","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 7 Days","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 14 Days","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 1 Month","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last 3 Months","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Last Week","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"This Week","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Yesterday","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":", or ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Today","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":"),","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":" ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":"or select ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Custom","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"strong"}]},{"text":" to specify your own time period (see ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"text":"Customizing the Search Time Period","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}},{"type":"link","attrs":{"__confluenceMetadata":{"isRenamedTitle":true,"linkType":"page","contentTitle":"Customizing the Search Time Period","versionAtSave":"11"},"href":"https://xpolog.atlassian.net/wiki/spaces/XPOL/pages/1594130653"}}]},{"text":" for a detailed explanation on customizing the time period). ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"type":"hardBreak"},{"type":"hardBreak"},{"text":"The selected time period is displayed in the textbox, and the search runs on this time period.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Creating a Search Query","type":"text"}]},{"type":"paragraph","content":[{"text":"You can create a search query using the search syntax supplied by XpoLog for simple searches:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Simple terms search","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Boolean search","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Search with wildcards","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Comparison search","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Search in a specific log, folder, application, or server","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Activate a saved search by its name","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Searching for Simple Terms","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"The simplest type of search is one that searches for terms in your log events. This includes the following:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Searching for a single word that appears anywhere in the event.","type":"text"},{"type":"hardBreak"},{"text":"Example: ","type":"text","marks":[{"type":"strong"}]},{"text":"Typing ","type":"text"},{"text":"error","type":"text","marks":[{"type":"strong"}]},{"text":" searches for all events containing the word ","type":"text"},{"text":"error","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Searching for two or more words that appear in an event, exactly in the order that you typed them. ","type":"text"},{"type":"hardBreak"},{"text":"Example:","type":"text","marks":[{"type":"strong"}]},{"text":" Typing ","type":"text"},{"text":"error log","type":"text","marks":[{"type":"strong"}]},{"text":" only searches for events having the words ","type":"text"},{"text":"error","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"log","type":"text","marks":[{"type":"strong"}]},{"text":" adjacent to each other in the event.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Searching for keywords in an event – by enclosing the words in quotes. These keywords can be Boolean operators or saved words. ","type":"text"},{"type":"hardBreak"},{"text":"Example:","type":"text","marks":[{"type":"strong"}]},{"text":" If you want to search for the word ","type":"text"},{"text":"NOT","type":"text","marks":[{"type":"strong"}]},{"text":" in an event, and do not want it to be misinterpreted as the Boolean operator NOT, you should enclose it in quotes: ","type":"text"},{"text":"\"NOT\"","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"XpoSearch also provides the autocomplete feature. As you type the search query, a dropdown list of other search queries that you have created in the past and that begin with these characters is displayed, as relevant. If one of these search queries is the one that you want to run, you can simply select it instead of retyping the entire search query.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Boolean Search","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"XpoLog provides three Boolean operators for your use: ","type":"text"},{"text":"OR","type":"text","marks":[{"type":"strong"}]},{"text":", ","type":"text"},{"text":"AND","type":"text","marks":[{"type":"strong"}]},{"text":", ","type":"text"},{"text":"NOT","type":"text","marks":[{"type":"strong"}]},{"text":", evaluated in a search query in that order. These operators must be capitalized. It is also possible to change the default order of precedence, by enclosing in parenthesis the part of the search term that you want to perform first.","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text","marks":[{"type":"strong"}]},{"text":" Searching for ","type":"text"},{"text":"end process OR start process","type":"text","marks":[{"type":"strong"}]},{"text":" returns all events containing either the phrase ","type":"text"},{"text":"end process","type":"text","marks":[{"type":"strong"}]},{"text":" or the phrase ","type":"text"},{"text":"start process","type":"text","marks":[{"type":"strong"}]},{"text":". ","type":"text"}]},{"type":"paragraph","content":[{"text":"Note:","type":"text","marks":[{"type":"strong"}]},{"text":" If you want to search in an event for any words that are the same as Boolean operators, you should enclose them in quotes, so that they are not misunderstood for the Boolean operator.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Searching with Wildcards","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"XpoSearch provides two wildcards:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"?","type":"text","marks":[{"type":"strong"}]},{"text":" – used in a search term to represent a single alphanumeric character. ","type":"text"},{"type":"hardBreak"},{"text":"Example:","type":"text","marks":[{"type":"strong"}]},{"text":" Typing ","type":"text"},{"text":"http ?00","type":"text","marks":[{"type":"strong"}]},{"text":" retuns ","type":"text"},{"text":"http 100","type":"text","marks":[{"type":"strong"}]},{"text":", ","type":"text"},{"text":"http 200","type":"text","marks":[{"type":"strong"}]},{"text":", ...,and ","type":"text"},{"text":"http 900","type":"text","marks":[{"type":"strong"}]},{"text":". It does not return ","type":"text"},{"text":"http 2000","type":"text","marks":[{"type":"strong"}]},{"text":", as the ","type":"text"},{"text":"? ","type":"text","marks":[{"type":"strong"}]},{"text":"only replaces a single character.","type":"text"},{"type":"hardBreak"},{"text":" ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"*","type":"text","marks":[{"type":"strong"}]},{"text":" – used in a search term to represent zero to any number of any alphanumeric characters. A search term which only includes an ","type":"text"},{"text":"*","type":"text","marks":[{"type":"strong"}]},{"text":" returns all events, up to the maximum allowed by the system. ","type":"text"},{"type":"hardBreak"},{"text":"Example: ","type":"text","marks":[{"type":"strong"}]},{"text":"Typing ","type":"text"},{"text":"http *00","type":"text","marks":[{"type":"strong"}]},{"text":" returns all events beginning with ","type":"text"},{"text":"http ","type":"text","marks":[{"type":"strong"}]},{"text":"and ending with ","type":"text"},{"text":"00","type":"text","marks":[{"type":"strong"}]},{"text":", such as ","type":"text"},{"text":"http 300","type":"text","marks":[{"type":"strong"}]},{"text":", ","type":"text"},{"text":"http 3000","type":"text","marks":[{"type":"strong"}]},{"text":", and ","type":"text"},{"text":"http 500","type":"text","marks":[{"type":"strong"}]},{"text":". ","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Searching in a Specific Log/Folder/AppTag/Server","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"XpoSearch enables searching events in all event logs of the system, regardless of their source, or only in event logs that come from a specific source, as follows:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Log","type":"text","marks":[{"type":"strong"}]},{"text":" – a specific log","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Folder","type":"text","marks":[{"type":"strong"}]},{"text":" – logs in a specific folder ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"AppTag","type":"text","marks":[{"type":"strong"}]},{"text":" – logs of a specific application","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Server","type":"text","marks":[{"type":"strong"}]},{"text":" – logs from a specific server","type":"text"}]}]}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"It is also possible to exclude sources by using NOT before the IN key word. Note that first the “included” sources should be specified, and then the excluded sources.","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"Search in multiple sources or exclude source by specifying a comma separated list.","type":"text"}]},{"type":"paragraph","content":[{"text":"Examples:","type":"text","marks":[{"type":"strong"}]}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Running a search for ","type":"text"},{"text":"error in log.my_log","type":"text","marks":[{"type":"strong"}]},{"text":" returns events only from the log named ","type":"text"},{"text":"my_log ","type":"text","marks":[{"type":"strong"}]},{"text":"that include the word","type":"text"},{"text":" error","type":"text","marks":[{"type":"strong"}]},{"text":", regardless of where this log resides.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Running a search for ","type":"text"},{"text":"error in log.X in folder.Y ","type":"text","marks":[{"type":"strong"}]},{"text":"returns events only from event log ","type":"text"},{"text":"X","type":"text","marks":[{"type":"strong"}]},{"text":" that resides in folder ","type":"text"},{"text":"Y","type":"text","marks":[{"type":"strong"}]},{"text":". ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Running a search for ","type":"text"},{"text":"error in log.X, log.Y ","type":"text","marks":[{"type":"strong"}]},{"text":"returns events from event log ","type":"text"},{"text":"X","type":"text","marks":[{"type":"strong"}]},{"text":" and event log ","type":"text"},{"text":"Y","type":"text","marks":[{"type":"strong"}]},{"text":", regardless of where they reside. ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Running a search for ","type":"text"},{"text":"error in folder.XPLG not in log.xpologlog, log.memory","type":"text","marks":[{"type":"strong"}]},{"text":" returns events from all logs that reside in folder ","type":"text"},{"text":"XPLG ","type":"text","marks":[{"type":"strong"}]},{"text":"but not from the logs ","type":"text"},{"text":"xpologlog ","type":"text","marks":[{"type":"strong"}]},{"text":"and ","type":"text"},{"text":"memory","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Running a search for ","type":"text"},{"text":"error in folder.XPLG not in folder.dump","type":"text","marks":[{"type":"strong"}]},{"text":" returns events from all logs that reside in folder ","type":"text"},{"text":"XPLG ","type":"text","marks":[{"type":"strong"}]},{"text":"but logs that do not reside under the ","type":"text"},{"text":"dump ","type":"text","marks":[{"type":"strong"}]},{"text":"folder.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Column-based Search","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"You can run a column-based search on event data, to extract only those events which have a specific column that meets the comparison criteria. This is done by creating a search that compares a specific column to a specific value, using the comparison operators defined in the following table.","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","width":1800.0,"localId":"9d7b6b3e-7783-4d47-ada3-4068b73f699e"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Operator","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Definition","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"= ","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Equals","type":"text"}]},{"type":"paragraph","content":[{"text":"column_name = x","type":"text","marks":[{"type":"strong"}]},{"text":" returns all events with ","type":"text"},{"text":"column_name","type":"text","marks":[{"type":"strong"}]},{"text":" value exactly equal to ","type":"text"},{"text":"x","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"!= ","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Not equals","type":"text"}]},{"type":"paragraph","content":[{"text":"column_name != x ","type":"text","marks":[{"type":"strong"}]},{"text":"returns all events with ","type":"text"},{"text":"column_name ","type":"text","marks":[{"type":"strong"}]},{"text":"value not equal to ","type":"text"},{"text":"x","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"> ","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Greater than; for numerical fields only","type":"text"}]},{"type":"paragraph","content":[{"text":"column_name > x","type":"text","marks":[{"type":"strong"}]},{"text":" returns all events with ","type":"text"},{"text":"column_name ","type":"text","marks":[{"type":"strong"}]},{"text":"value greater than ","type":"text"},{"text":"x","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"<","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Less than; for numerical fields only","type":"text"}]},{"type":"paragraph","content":[{"text":"column_name < x ","type":"text","marks":[{"type":"strong"}]},{"text":"returns all events with ","type":"text"},{"text":"column_name","type":"text","marks":[{"type":"strong"}]},{"text":" value less than ","type":"text"},{"text":"x","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":" contains","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Used for checking if a column contains a specific value","type":"text"}]},{"type":"paragraph","content":[{"text":"column_name contains x ","type":"text","marks":[{"type":"strong"}]},{"text":"returns all events that contain in ","type":"text"},{"text":"column_name ","type":"text","marks":[{"type":"strong"}]},{"text":"the value ","type":"text"},{"text":"x.","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"},{"text":"NULL","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Used to find empty or populated columns","type":"text"}]},{"type":"paragraph","content":[{"text":"column_name = NULL ","type":"text","marks":[{"type":"strong"}]},{"text":"returns all events that have no value in ","type":"text"},{"text":"column_name","type":"text","marks":[{"type":"strong"}]},{"text":". ","type":"text"}]},{"type":"paragraph","content":[{"text":"column_namereturns all events that have a value in ","type":"text"},{"text":"column_name","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"},{"text":" ","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"},{"text":"NOT","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1646.0]},"content":[{"type":"paragraph","content":[{"text":"Used to exclude events that have a specific value in a specific column ","type":"text"}]},{"type":"paragraph","content":[{"text":"NOT (column_name contains error) ","type":"text","marks":[{"type":"strong"}]},{"text":"returns all events that do not have ","type":"text"},{"text":"error ","type":"text","marks":[{"type":"strong"}]},{"text":"in ","type":"text"},{"text":"column_name.","type":"text","marks":[{"type":"strong"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"Example: ","type":"text","marks":[{"type":"strong"}]},{"text":"Typing ","type":"text"},{"text":"Priority != Error ","type":"text","marks":[{"type":"strong"}]},{"text":"returns all events that do not have the value ","type":"text"},{"text":"Error ","type":"text","marks":[{"type":"strong"}]},{"text":"in the ","type":"text"},{"text":"Priority ","type":"text","marks":[{"type":"strong"}]},{"text":"column.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Regular Expression Search","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"XpoLog enables you to search in events for values matching a regular expression pattern.","type":"text"},{"type":"hardBreak"},{"text":"There are 2 ways to search based on a regular expression:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Simple regular expression search:","type":"text"},{"type":"hardBreak"},{"text":"The simple regular expression search is limited to a complete match of the regular expression term in the data - partial values will not be detected.","type":"text"},{"type":"hardBreak"},{"text":"Specify the keyword regexp following a colon and enter the regular expression to search","type":"text"},{"type":"hardBreak"},{"text":"regexp: [REGULAR_EXPRESSION] ","type":"text"},{"type":"hardBreak"},{"text":"For example: ","type":"text"},{"text":"regexp:\\d+ in log.access ","type":"text","marks":[{"type":"strong"}]},{"text":"--> will return all events that contain numbers.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Advanced regular expression:","type":"text"},{"type":"hardBreak"},{"text":"This function allows a much more comprehensive regular expression based search:","type":"text"},{"type":"hardBreak"},{"text":" | ","type":"text"},{"text":"regexext","type":"text","marks":[{"type":"strong"}]},{"text":" ([REGULAR_EXPRESSION]) ","type":"text"},{"text":"","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"type":"hardBreak"},{"type":"hardBreak"},{"text":" = a comma separated list of log columns names to search only in them.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"type":"hardBreak"},{"text":"The result will show the matched value(s), the complete event where the value is at, and details of the the log (source server, apptag, log, folders and logs path, etc.).","type":"text","marks":[{"type":"textColor","attrs":{"color":"#000000"}}]},{"type":"hardBreak"},{"text":"Note that XpoLog is looking for an exact match (=) in one of the log columns and not partial match (contains). To use contains wrap the regular expression with .* before and after the desired regular expression to be found.","type":"text","marks":[{"type":"underline"},{"type":"textColor","attrs":{"color":"#000000"}}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"For example: ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"* in log.access | regexext (\\d+\\.\\d+\\.\\d+\\.\\d+) --> will return all events which one of their fields ","type":"text"},{"text":"matches","type":"text","marks":[{"type":"strong"}]},{"text":" an IP address.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"* in log.access | regexext (.*\\d+\\.\\d+\\.\\d+\\.\\d+.*) --> will return all events which one of their fields ","type":"text"},{"text":"containing ","type":"text","marks":[{"type":"strong"}]},{"text":"an IP address.","type":"text"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"Example: ","type":"text","marks":[{"type":"strong"}]},{"text":"Typing ","type":"text"},{"text":"regexp:\\d+ in log.access ","type":"text","marks":[{"type":"strong"}]},{"text":"searches for numbers in events. ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Searching Special Chars in a Search","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"XpoLog enables you to search special characters in the search:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Wrap the searched term with \"quotes\"","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Use backslash (\\) before a specific char to be treated as textual value to be searched","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Example: ","type":"text","marks":[{"type":"strong"}]},{"text":"If the message contains a special char like {} it can be searched by","type":"text"},{"text":" \\{\\} in log.LOG_NAME","type":"text","marks":[{"type":"strong"}]},{"text":". ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Combined Searches","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"XpoLog supports running different specific queries on different log(s).","type":"text"},{"type":"hardBreak"},{"text":"This option may be used when searching for specific values in specific log(s) and other specific values in other log(s). Multiple queries are supported by separating different search queries by OR:","type":"text"}]},{"type":"paragraph","content":[{"text":" in log/folder/server/apptag. ","type":"text"},{"text":"OR","type":"text","marks":[{"type":"underline"},{"type":"strong"}]},{"text":" in log/folder/server/apptag. ","type":"text"},{"text":"OR","type":"text","marks":[{"type":"strong"}]},{"text":" in log/folder/server/apptag.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Activating a Saved Search","type":"text","marks":[{"type":"underline"}]}]},{"type":"paragraph","content":[{"text":"XpoLog enables you to save any search query so that you can easily run it at a later time. You can either activate the saved search by selecting its name from a list of saved searches (see ","type":"text"},{"text":"Running a Saved Search","type":"text","marks":[{"type":"link","attrs":{"__confluenceMetadata":{"isRenamedTitle":true,"linkType":"page","contentTitle":"Running a Saved Search","versionAtSave":"12"},"href":"https://xpolog.atlassian.net/wiki/spaces/XPOL/pages/1594130364"}}]},{"text":") or you can type ","type":"text"},{"text":"search.search_name","type":"text","marks":[{"type":"strong"}]},{"text":" in the search query to run the saved search called ","type":"text"},{"text":"search_name","type":"text","marks":[{"type":"strong"}]},{"text":". ","type":"text"}]},{"type":"paragraph","content":[{"text":"Example: ","type":"text","marks":[{"type":"strong"}]},{"text":"Typing ","type":"text"},{"text":"search.error_search ","type":"text","marks":[{"type":"strong"}]},{"text":"activates the saved search named ","type":"text"},{"text":"error_search","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}],"version":1}