Augmenting a Search with Detected Problems

Because there are many logs containing large amounts of information, it can be difficult for a user to decide what to search for.

XpoLog Search assists the user in deciding what to search for by displaying, for each time period, the problems that occurred at that time, along with their severity. Although these problems are not errors, they can in fact be the root cause of an error, so adding them to a search can be very beneficial.

The user can decide whether to show only predefined problems, autodetected problems, or all problems (see Selecting Augmented Layers for full details).

Note: The detected problems are not related to the search query.

Dots of varying colors and sizes are displayed on the time axis of the search, representing the problems detected at that time.

The size of a dot is relative to the number of problems found on the time axis. A larger dot represents more detected problems; a smaller dot, fewer detected problems.

The color of the dot indicates the severity of the most serious problem found at that time, as follows:

  • Yellow – low severity
  • Orange – medium severity
  • Red – high severity

Hovering on a dot opens a list of suggestions, from which you can drill down to see the events associated with it. It is recommended to hover on a dot with the largest number of highest-severity problems.

The user can augment a search with a problem from the list by clicking it. The selected problem is then added to the search query with the logical OR operator. 

To augment your search with a detected problem:
  1. In the Augmented Layers selection box, select the problems that the system should show on the time axis: Predefined, Autodetected, or all problems.
  2. Hover on a dot on the time axis, and select a problem from the list of problems.
    The problem is appended to the search query with the logical OR operator.  
    Note: If there is no existing search query, the problem is added as the search query as is.
    The added detected problem appears under Active Filters in the Augmented Search Pane.  
  3. Repeat step 2 to add an additional problem to your search.
    At any point, you can restore the original query, or remove a problem-based filter from the query, by removing it from the Active Filters list (see Managing Active Filters).