Complex Search Examples
The following table contains examples of complex search queries:
Query | Explanation |
---|---|
`error \| first 10` | Searches system log events for error, and shows the first 10 results only. |
`error \| count \| group by ext.log` | Searches the system log events for error, and shows error count per log. |
`error \| count \| group by ext.log \| order by count asc` | Searches the system log events for error, and shows error count per log in ascending order of count. |
`error \| count \| group by ext.log \| order by count desc` | Searches the system log events for error, and shows error count per log in descending order of count. |
`* in log.log4J \| count \| group by priority` | Runs on all events in the log log4J and aggregates unique values in the log field priority. Note: A log field named priority is required. |
`* in log.log4j log \| count \| group by priority \| display count as Unique Count` | Same as the previous query example, with the exception that it “renames” the count column to Unique Count. |
`* in log.access log \| count \| group by status` | Runs on all events in the log access log and aggregates unique values in the log field status. Note: A log field named status is required. |
`* in log.access log \| count \| group by url` | Runs on all events in the log access log and aggregates unique values in the log field url. Note: A log field named url is required. |
`* in log.access log \| avg bytes sent \| group by remote host` | Calculates the average of the log field bytes sent for each unique remote host in the log access log. Note: Log fields with the names bytes sent and remote host are required. Also, bytes sent should be numeric so that the average of its values can be calculated. |
`* in log.access log \| avg bytes sent \| group by remote host \| display avg in volume format` | Calculates the average of the log field bytes sent for each unique remote host in the log access log, and formats the value of the bytes sent average to volume format instead of a regular numeric value. |
`* in log.access log \| avg bytes sent \| group by remote host \| display avg in volume format (bytes, MB)` | Same as the previous query example, with the exception that in this example, volume format receives the parameters (INPUT_VOLUME_UNIT, DISPLAY_VOLUME_UNIT). XpoLog treats the value in the log field bytes sent as bytes, and presents the result in Megabytes. |
`* in log.IIS Log Test \| avg time-taken \| group by c-ip \| display avg in time format` | Calculates the average of the log field time-taken for each unique c-ip in the log IIS Log Test, and formats the value of the time-taken average to time format instead of displaying a regular numeric value. Note: Log fields with the names bytes sent and remote host are required. Also, bytes sent should be numeric so that the average of its values can be calculated. |
`* in log.IIS Log Test \| avg time-taken \| group by c-ip \| display avg in time format (ms,minutes)` | Same as the previous query example, with the exception that in this example, time format receives the parameters (INPUT_TIME_UNIT, DISPLAY_TIME_UNIT). XpoLog treats the value in the log field time-taken as milliseconds, and presents the result in minutes. |
`* in log.access log \| count, max bytes sent, min bytes sent, avg bytes sent \| group by remote host` | Calculates the number of occurrences, as well as the maximum, minimum, and average values of the log field bytes sent, for each unique remote host in the log access log. Note: Log fields with the names bytes sent and remote host are required. Also, bytes sent should be numeric so that the average of its values can be calculated. |
`error or exception \| count \| interval 1 day` | Counts the number of errors and exceptions in a log on a daily basis (i.e. the number of errors/exceptions per day). |
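
The per-host count, max, min and avg of bytes sent, ordered by count and displayed in volume format (bytes, MB), modeled in Python as an added example; this is not XpoLog code. The sample events, the skipping of non-numeric bytes sent values (such as the "-" a web server writes for an empty response), and 1 MB = 1024 * 1024 bytes are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample events standing in for parsed lines of the log "access log".
EVENTS = [
    {"remote host": "10.0.0.5", "status": "200", "bytes sent": "1048576"},
    {"remote host": "10.0.0.5", "status": "200", "bytes sent": "3145728"},
    {"remote host": "10.0.0.9", "status": "404", "bytes sent": "512"},
    {"remote host": "10.0.0.9", "status": "304", "bytes sent": "-"},  # non-numeric
    {"remote host": "10.0.0.9", "status": "200", "bytes sent": "1536"},
]

# Assumption: binary units. The page does not state which definition XpoLog uses.
UNIT_BYTES = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def aggregate(events, value_field, group_field):
    """Model of: count, max F, min F, avg F | group by G."""
    numeric = defaultdict(list)
    count = defaultdict(int)
    for ev in events:
        key = ev[group_field]
        count[key] += 1  # every event in the group is counted
        try:
            numeric[key].append(float(ev[value_field]))
        except (KeyError, ValueError):
            pass  # assumption: non-numeric values are left out of max/min/avg
    rows = []
    for key, n in count.items():
        vals = numeric[key]
        rows.append({
            group_field: key,
            "count": n,
            "max": max(vals) if vals else None,
            "min": min(vals) if vals else None,
            "avg": sum(vals) / len(vals) if vals else None,
        })
    return rows


def order_by(rows, column, descending=False):
    """Model of: order by COLUMN asc|desc."""
    return sorted(rows, key=lambda r: r[column], reverse=descending)


def volume_format(value, input_unit, display_unit):
    """Model of: display avg in volume format (INPUT_VOLUME_UNIT, DISPLAY_VOLUME_UNIT)."""
    if value is None:
        return None  # group had no numeric values to average
    return value * UNIT_BYTES[input_unit] / UNIT_BYTES[display_unit]


if __name__ == "__main__":
    for row in order_by(aggregate(EVENTS, "bytes sent", "remote host"), "count", descending=True):
        print(row["remote host"], row["count"], volume_format(row["avg"], "bytes", "MB"), "MB")
```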