analyticstream (search function)
Synopsis
Syntax
analyticstream
Required Arguments
None
Optional Arguments
Folder/log/server/apptag as source
Description
The analyticstream function returns the XPLG Analytics results for the specified sources. Each row of the result set carries four columns: Analytics Name (the problem identified by the Analytics engine); Analytics Type (Autodetected: the result comes from XpoLog Analytics automatic detection; Predefined: the result comes from a user rule that was saved); Analytics Risk (a risk level from 1 to 10 that the XpoLog Analytics engine assigns according to the severity of the result); and Count (the number of events in the result set that matched the identified problem).
Examples
Example 1:
* in log.secure | analyticstream
Returns a table of all analytics results from the log source 'secure' in the selected time period.
Example 2:
* in log.secure | analyticstream | where Analytics Risk > 5 | order by Analytics Risk desc
Returns a table of the analytics results from the log source 'secure', showing only identified problems with Risk greater than 5, sorted by risk in descending order.
Example 3:
* in log.secure | analyticstream | where Analytics Risk > 5 | interval 1 minute
Returns a table of the analytics results from the log source 'secure', showing only identified problems with Risk greater than 5, in 1 minute time buckets.
Example 4:
* | analyticstream | where Analytics Risk > 5 where analytics name contains *error* or *fail* or *exception* | order by analytics risk desc
Returns a table of the analytics results from all logs, showing only identified problems with Risk greater than 5 whose name contains error, fail or exception, sorted by risk in descending order (as the trailing order by clause specifies).
Example 5:
* | analyticstream | group by ext.log, ext.folder, ext.server | order by analytics risk desc | where analytics risk > 5
Returns a table of the analytics results from all logs, grouped by source log, folder and server, showing only identified problems with Risk greater than 5, sorted by risk in descending order. Note that in this query the where clause follows the group by and order by stages, so the risk filter is applied to the grouped rows.
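To make the pipeline stages used in the examples concrete, the following Python model replays them over a small constructed result set. This is an added illustration and not XpoLog code or XpoLog's result format: the rows are constructed sample data, the column names follow the page (Analytics Name, Analytics Type, Analytics Risk, Count), and the time, ext.log, ext.folder and ext.server fields, as well as the aggregation rules for interval and group by (sum Count, keep the highest risk), are assumptions made to model the "in log.X", "interval" and "group by ext.*" stages.

```python
"""Python model of the analyticstream pipeline stages (added illustration, not XpoLog code).

Column names follow the page; "time", "ext.log", "ext.folder", "ext.server" and the
aggregation rules are assumptions used to model the query stages.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re


def row(name, typ, risk, count, hh, mm, ss, log, folder, server):
    return {"Analytics Name": name, "Analytics Type": typ, "Analytics Risk": risk,
            "Count": count, "time": datetime(2024, 1, 1, hh, mm, ss),
            "ext.log": log, "ext.folder": folder, "ext.server": server}


# Constructed sample result set, as if returned by "* | analyticstream".
ROWS = [
    row("Failed password for invalid user", "Autodetected", 8, 42, 10, 0, 12, "secure", "linux", "web01"),
    row("Connection closed by authenticating user", "Autodetected", 3, 120, 10, 0, 45, "secure", "linux", "web01"),
    row("Failed password for root", "Predefined", 9, 7, 10, 1, 30, "secure", "linux", "db01"),
    row("Exception in request handler", "Autodetected", 6, 15, 10, 1, 5, "app", "tomcat", "web01"),
    row("Session opened for user deploy", "Autodetected", 2, 58, 10, 2, 0, "secure", "linux", "web01"),
    row("Disk error on /dev/sdb", "Predefined", 7, 1, 10, 2, 10, "kern", "linux", "db01"),
]


def in_log(rows, log_name):
    """'* in log.<name>': restrict the stream to one log source."""
    return [r for r in rows if r["ext.log"] == log_name]


def where_risk_above(rows, threshold):
    """'where Analytics Risk > N'."""
    return [r for r in rows if r["Analytics Risk"] > threshold]


def where_name_contains(rows, *terms):
    """'where analytics name contains *a* or *b*': case-insensitive substring match."""
    pattern = re.compile("|".join(re.escape(t) for t in terms), re.IGNORECASE)
    return [r for r in rows if pattern.search(r["Analytics Name"])]


def order_by_risk_desc(rows):
    """'order by analytics risk desc' (stable sort, so ties keep stream order)."""
    return sorted(rows, key=lambda r: r["Analytics Risk"], reverse=True)


def interval(rows, minutes):
    """'interval N minute': floor each timestamp to its bucket and sum Count
    per (bucket start, Analytics Name). Returns {(bucket_start, name): count}."""
    buckets = defaultdict(int)
    for r in rows:
        t = r["time"]
        start = t - timedelta(minutes=t.minute % minutes, seconds=t.second,
                              microseconds=t.microsecond)
        buckets[(start, r["Analytics Name"])] += r["Count"]
    return dict(buckets)


def group_by_source(rows):
    """'group by ext.log, ext.folder, ext.server': one row per source, Count summed
    and Analytics Risk kept as the highest risk seen in that source (assumed rule)."""
    groups = {}
    for r in rows:
        key = (r["ext.log"], r["ext.folder"], r["ext.server"])
        g = groups.setdefault(key, {"ext.log": key[0], "ext.folder": key[1],
                                    "ext.server": key[2], "Analytics Risk": 0, "Count": 0})
        g["Count"] += r["Count"]
        g["Analytics Risk"] = max(g["Analytics Risk"], r["Analytics Risk"])
    return list(groups.values())


def example_2():
    return order_by_risk_desc(where_risk_above(in_log(ROWS, "secure"), 5))


def example_3():
    return interval(where_risk_above(in_log(ROWS, "secure"), 5), 1)


def example_4():
    return order_by_risk_desc(
        where_name_contains(where_risk_above(ROWS, 5), "error", "fail", "exception"))


def example_5():
    # Stages in the order the page writes them: group, then order, then filter.
    return where_risk_above(order_by_risk_desc(group_by_source(ROWS)), 5)


if __name__ == "__main__":
    for g in example_5():
        print(g["ext.log"], g["ext.folder"], g["ext.server"], g["Analytics Risk"], g["Count"])
```

Running example_5 shows why stage order matters in this model: because grouping happens before the risk filter, the secure/linux/web01 row keeps the Count of its low-risk results (220 rather than 42). Whether XpoLog applies its stages strictly in pipe order is not stated on the page, so treat that part as a property of the model rather than of the product.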