analyticstream (search function)

Owned by Omry Koschitzky
Last updated: Aug 23, 2021
1 min read

Synopsis

Displays Analytics details.

Syntax

analyticstream 

Required Arguments

None

Optional Arguments

Folder/log/server/apptag as source

Description

The analyticstream function returns the XPLG Analytics results of the specified sources. The result set includes Analytics Name (the problem found by the Analytics engine), Analytics Type (Autodetected = result is based on XpoLog Analytics automatic detection, Predefined = result is based on a user rule that was saved), Analytics Risk (based on the severity of result, XpoLog Analytics engine determines the risk level from 1-10), Count (the number of events matched the identified problem in the result set).

Examples

Example 1:  

* in log.secure | analyticstream

 Returns a table of all analytics results from the log source 'secure' in the selected time period.

Example 2:  

* in log.secure | analyticstream | where Analytics Risk > 5 | order by Analytics Risk desc

Returns a table of all analytics results from the log source 'secure', where only identified problems with Risk greater than 5 will be displayed. Sorted by risk.

Example 3:  

* in log.secure | analyticstream | where Analytics Risk > 5 | interval 1 minute

Returns a table of all analytics results from the log source 'secure', where only identified problems with Risk greater than 5 will be displayed in a 1 minute time buckets.

Example 4:  

* | analyticstream | where Analytics Risk > 5 where analytics name contains *error* or *fail* or *exception* | order by analytics risk desc 

Returns a table of all analytics results from all logs, where only identified problems with Risk greater than 5 and that the problem identified contains error or fail or exception will be display. Sorted alphabetically.

Example 5:  

* | analyticstream | group by ext.log, ext.folder, ext.server | order by analytics risk desc | where analytics risk > 5

Returns a table of all analytics results from all logs, with source log, folder and server -  where only identified problems with Risk greater than 5 will be displayed. Sorted by risk.

Â