Complex Searches

Complex search queries can be run on search results for advanced computation and reporting on matching log events.

During a simple search, XpoLog extracts all the fields from the events and displays the fields it finds most interesting in the Augmented Search Pane, under Interesting Fields. You can run a complex search on the results of the simple search by clicking any of these interesting fields and selecting one of the available functions that can be performed on the field.

The results of a complex search are presented in tabular format, as opposed to the simple search, which displays each and every event that meets the search criteria.

The default complex search that is triggered by selecting a field is based on the search query that was executed, grouping the search results by the selected interesting field.

To perform a complex search:  

  1. In the Augmented Search Pane, under Interesting Fields, choose a field to include in your complex search. At the bottom of the list, you can click Load more to choose from other interesting fields.
    A menu of functions that can be performed on the field is displayed.

  2. From the menu, select the function to perform on the interesting field.
    The search query is automatically updated, transforming the simple search to a complex search, and the search runs, displaying a result summary table.

Alternatively, you can type a complex search query into the Search Query Panel (see Complex Search Syntax Reference).