Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

The Search Query Panel user interface includes the following elements:

 

ElementDescription
 / By default, the Augmented Search Pane is open. Clicking the  button closes the pane; clicking the  button opens the pane.
 /

indicates that the search is in progress; indicates that the search is complete.

Search Query Area for typing a simple or complex search query, or for activating a saved search query.
Actions

Opens a menu, which provides the following actions that can be performed on the search:

  • Save Search – selecting this item saves the search query in the system.
  • Save Monitor – selecting this item saves the search query as a monitor.
  • Export to PDF – selecting this item saves the search query and results in a PDF file.
 

Clicking this icon displays a window with four tabs:

  • Search History – selecting this tab opens a window that displays your recent and popular searches.
  • Saved Searches – selecting this tab opens a window with a listing of the names of the searches that you saved.
  • Simple Search Syntax – this tab is open when the window is displayed; it lists the syntax that you can use to formulate a simple search.
  • Complex Search Syntax – selecting this tab opens a window which lists the syntax that you can use to formulate a complex search.
Time Period

Enables searching for events that occurred in a specific time period. Selectable time periods include: All time, Last hour, Last 12 hours, Last 24 hours, Last 3 days, Last 7 days, Last 2 weeks, Last 3 weeks, Last 4 weeks, Last 3 months, Last 6 months, Last 12 months, or Custom

Go buttonClicking this button commences the search. 

 Simple Search Syntax

 The following table summarizes the simple search syntax:

 

TypeDescription

Boolean 

AND – A and B match events that contain A and B.

OR – A or B match events that contain A or B.

NOT – A and NOT (B or C) match events that contain A but not B or C. 

Quotation Marks

Used to get an exact match of a term. Recommended when there is a key word (such as ( ), =, and, or, not, in, *, ?) within a searched term.

Example: "connection(1234) failure" -> returns events with an exact match to connection(1234) failure.

Parentheses

Used to unify a term result or to create precedence within search queries.

Examples:

a or (b in folder.my_folder) -> search for events that contain a, or events that contain b in sub folders and logs under the folder my_folder.

a or b in folder.my_folder -> search for events that contain a or b in sub folders and logs under the folder my_folder.

a and b or c -> precedence to the key word and, this term is equivalent to (a and b) or c.

a and (b or c) -> precedence to b or c;  its result and a.

 WildcardsMay be placed anywhere in a search term:

* – *foo, foo*, f*oo, *foo*, *f*o*o* (* represents any characters, 0 or more times)

? – ?oo, fo?, f? o (? represents any character, exactly one time)
 Search in specific log/folder/application/server

Search for a term in a specified log, folder, application, or server.

Examples:

error in log.my_log -> search for error only in logs whose name is my_log.
error in log.my* -> search for error only in logs whose name starts with my.

error in folder.my_folder -> search for error only in logs under folders whose name is my_folder.
error in folder.my* -> search for error only in logs under folders whose name starts with my.

error in host.my_host -> search for error only in logs whose source name is my_host.
error in host.my* -> search for error only in logs whose source name starts with my.
host.my_host is equivalent to server.my_host.

error in app.my_app -> search for error only in logs associated to applications whose name is my_app.

error in app.my* -> search for error only in logs associated to applications whose name starts with my.
app.my_app is equivalent to application.my_app.

Comparison Search (in a specific log column)

Search for events that have a specific column of a specific value.

Examples:

column_name=search_value -> search for events that have a column named column_name whose value equals search_value (relevant only for logs that have a column with that name).

column_name=search_value in log.my_log -> search for events in the log my_log that have a column column_name whose value equal  to search_value (relevant only if the log has a column with that name).

column_name contains search_value -> search for events that have a column named column_name whose value contains search_value (relevant only to logs that have a column with that name).

column_name contains search_value in log.my_log -> search for events in the log my_log which have a column column_name whose value contains the search_value (relevant only if the log has a column with that name).

 Activate saved search

Activate a search that you previously saved.

search.search_name -> execute the saved search called search_name.

 

 

  • No labels