Refining search results
You can refine the search results.
You can narrow your search by adding extra criteria in the search field. For example, the string severity : E returns log lines that contain errors. Alternatively, you can perform a free text search for a value in a column. All of the log lines that contain that text are returned. If more than 100 log lines are returned, click the arrows to view more log lines.
::1
next to the host name, ::1 might be displayed as the value in the sourceip column.
You can also refine your search in these ways:
Search Patterns
To refine your search, use the values in the Search Patterns pane. For each new search, the list of fields with which you can filter your search is updated and listed in the Search Patterns pane. The number of occurrences of each value that is found is displayed with each unique keyword added as a child node. Click a keyword to add it to the Search field.
The keyword is added in the format field:"value". You can add multiple keywords to refine your search. If you want to run an OR query, type the word OR between each added keyword search string. When you add all of the search criteria, click Search to return log lines that contain the values that you specified.
Discovered Patterns
When you search a data source that has been configured with a Source Type that uses the Generic annotator, the results of the search are listed in the Discovered Patterns pane.
For each new search, the list of fields with which you can filter your search is updated and listed. The counts in the Discovered Patterns pane indicate the number of records that contain a specific key or key-value pair. A key-value pair might occur multiple times in a record, but the total reflects the number of records in which the key-value pair occurs. The count of the value of nodes in a key-value pair tree might exceed the key count when multiple values occur for the same key in a single record.
Click a keyword to add it to the Search field. The keyword is added in the format field:"value". You can add multiple keywords to refine your search. If you want to run an OR query, type the word OR between each added keyword search string. When you add all of the search criteria, click Search to return log lines that contain the values that you specified.
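The counting rule described for the Discovered Patterns pane, worked through as an added example (this is not product code and does not reproduce the Generic annotator). It assumes records made of whitespace-separated key=value tokens; the sample records, the regular expression and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records (not real product output).
RECORDS = [
    "user=alice action=login sourceip=10.0.0.5 user=alice",
    "user=bob action=login sourceip=10.0.0.7",
    "user=alice user=carol action=share sourceip=10.0.0.5",
    "action=logout sourceip=10.0.0.7",
]

# Assumption: a key=value token is word characters, '=', then non-space text.
PAIR = re.compile(r"(\w+)=(\S+)")

def discovered_patterns(records):
    """Return (key_counts, pair_counts), counting records rather than occurrences."""
    key_counts, pair_counts = Counter(), Counter()
    for rec in records:
        # A set collapses repeats: a pair seen twice in one record counts once.
        pairs = set(PAIR.findall(rec))
        key_counts.update({key for key, _ in pairs})
        pair_counts.update(pairs)
    return key_counts, pair_counts

def value_total(pair_counts, key):
    """Sum of the value-node counts shown under one key."""
    return sum(n for (k, _), n in pair_counts.items() if k == key)

def or_query(pairs):
    """Join selected keywords as field:"value" terms separated by OR.
    Assumption: values contain no double quotes (escaping is not covered here)."""
    return " OR ".join(f'{key}:"{value}"' for key, value in pairs)

if __name__ == "__main__":
    keys, pairs = discovered_patterns(RECORDS)
    for key in sorted(keys):
        print(f"{key} ({keys[key]} records), value nodes total {value_total(pairs, key)}")
        for (k, v), n in sorted(pairs.items()):
            if k == key:
                print(f"    {v} ({n})")
    print(or_query([("user", "alice"), ("user", "carol")]))
```

In the sample, user appears in three records, but its value nodes add up to four because one record carries two different user values.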
Data Source filtering
Refine your search by selecting a Data Sources leaf node. When you select a leaf node in the Data Sources tree, your search is refined to search only that data source and any descendant data sources. The Data Sources tree is defined by selecting a service topology node when you configure your data source. For more information, see Editing groups in the service topology JSON file.
Time Filters
Use the Time Filters list to refine your search based on a selected time period. Select a value from the list to limit the search period. The selected time period limits the search based on the times of the log entries. For example, choosing Last Hour limits the search to the final 60 minutes of log file entries.
Selecting a timeline value
Click a value in the timeline to refine your search based on that value. Log events can be visualized up to second-level granularity.
Selecting a time zone
To change the time zone that is used in one or all of your searches, click the Browser time link in the timeline chart. For more information about changing the time zone, see Changing the search time zone in the Searching and visualizing data guide.