Working with Queries

SmartLog lets you quickly and easily create log queries. The query results show in the Results pane. SmartLog comes with many predefined queries that are ready to run right out of the box. You can create your own custom queries and save them for future use.

Running Queries

You can run a SmartLog an existing query or create a custom query.

To run a query:

• Click Favorites and select a predefined or custom query.

  Or

• Click in the Query Definition field and select a recent query.

To create and run a query:

1. Click in the Query Definition field.
2. Enter or select query criteria.

   The query runs automatically. As you add more criteria, results are updated dynamically.

To manually refresh your query:

To continuously refresh your query (Auto-Refresh):

The query continues to update every two seconds while Auto-Refresh is enabled.

To stop refreshing your query:

Working with the Favorites List

The Favorites list lets you work with predefined and saved custom queries. The predefined queries are organized into folders by Software Blade. You can add new queries to existing folder or create new folders hold them.

You can do these actions with the Favorites list:

• Add new custom queries
• Add new query folders
• Delete queries

In this version, you cannot move a query from one folder to a different folder.

Adding a Query to the Favorites List

To add a folder to the Favorites list:

1. From the Favorites menu, select Add to Favorites.
2. In the Add to Favorites window, enter a name for the new query.

   The query criteria show in the Query field.

3. Select a folder from the list or click Create a New Folder.
4. Click Add.

Creating a New Folder

You can use folders to help you organize custom queries into logical groups. Folders can be created inside of other folders.

You can also do this procedure while adding a new query to the favorites list.

To create a new folder:

1. From the Favorites menu, select Add to Favorites.
2. In the Add to Favorites window, click the Folder list.
3. Select Create a New Folder from the list.
4. In the Create a Folder window, enter a name for the new folder.
5. Select a folder to contain the new folder.
6. Click Add.

Deleting a Folder

You can delete folders that are no longer necessary.

To delete a folder:

1. From the Favorites menu, select Organize Favorites.
2. In the Organize Favorites folder, select the folder to be deleted.
3. Click Delete.
4. Click Close.

Working with the Results Pane

You can control how the data shows on in the results.

Showing Query Results

Query results can include tens of thousands of log records. To prevent performance degradation, SmartLog only shows the first set of results in the Results pane. Typically, this is 50 results.

Scroll down to show more results. As you scroll down, SmartLog extracts more records from the SmartLog Index Server and adds them to the results set. The number of results shows above the Results pane.

For example, on the first run of a query, you can see:

Showing first 50 results (128 ms), out of over 150,000 results

After you scroll down, you see:

Showing first 100 results (128 ms), out of over 150,000 results

Customizing the Results Pane

By default, SmartLog shows a predefined set of columns and information based on the selected blade in your query. This is known as the Column Profile. If no blade is specified, a column profile is assigned based on the blade that occurs most frequently in the query results.

The Column Profile defines which columns appear in the Results Pane and in which order. You can change the Column Profile as necessary for your environment. You can sort the results by the actual event date and time or by the time that the event index arrived to the SmartLog Server.

To use the default Column Profile assignments, right-click a column heading and select Columns Profile > Automatic Profile Selection. This option is enabled by default.

To manually assign Column Profile assignments by default, right-click a column heading and select Columns Profile > Manual Profile Selection.

To manually assign a different Column Profile:

1. Right-click a column heading and select Columns Profile.
2. Select a Column Profile from the options menu.

To change a Column Profile:

1. Right-click a column heading and select Columns Profile > Edit Columns Profile.
2. In the Show Fields window, select a Column Profile to change.
3. Select fields to add from the from the Available Fields column and click Add.
4. Select fields to remove from the Selected Fields column and click Remove.
5. Select a field in the Selected Fields and then click Move Up or Move Down to change its position in the Results Pane.
6. Double click the Width column to change the default column width for the selected field.

   You can drag the right-hand column border in the Results Pane to change the column width. This action is only applicable to the current session. The width defined in the Column Profile will show when you start a new SmartLog session.

To change the sort query order:

1. Right-click the Time column.
2. Select Sort by time or Sort by arrival order as applicable.

Exporting Query Results

SmartLog lets you export queries to a comma separated value (CSV) file. You can then use Microsoft Excel or other database programs to further analyze the data information print reports.

SmartLog only exports the query result included in the result set. You must scroll down to add more records to the result set. The actual number of results in the result set, shows below the Query Definition pane.

To export query results:

1. Create or run a query in SmartLog.
2. Scroll down in the Results pane until a sufficient quantity of records show.
3. From the File menu, select Export > Excel CSV.
4. Enter the file name and path and then click Save.

Creating Custom Queries

Queries can include one or more criteria. You can create custom queries using one or a combination of these basic procedures:

• Right-click columns in the grid view and select Add Filter.
• Click in the Query Definition field and select fields and filter criteria for those fields.
• Manually type filter criteria in the Query Definition field.

A good way to create a new custom query is to run an existing query and then use one of these procedures to change it. You can save the new query in the Favorites list.

When you create complex queries, SmartLog suggests, or automatically enters, an appropriate Boolean operator. This can be an implied AND operator, which does not explicitly show.

Selecting Query Fields

You can enter query criteria directly from the Query Definition field.

To select field criteria from the Query Definition field:

1. If you are starting a new query, remove query definitions: click Clear
2. Put the cursor in the Query Definition Field.
3. Select a criterion from the drop-down list or enter the criteria in the Query Definition field.

The query runs automatically.

Selecting Criteria from Grid Columns

You can use the column headings in the Grid view to select query criteria. This option is not available in the Table view.

To select query criteria from grid columns:

1. In the Results pane, right-click on a column heading.
2. Select Add Filter.
3. Select or enter the filter criteria.
   The criteria show in the Query Definition field and the query runs automatically.

You can continue to enter more criteria using this or other procedures.

Manually Entering Query Criteria

You can always type query criteria directly in the Query Definition field. You can manually create a new query or make changes to an existing query that shows in the Query Definition field.

As you type, SmartLog helps you by showing recently used query criteria or even complete queries. To use these suggestions, simply select them from the drop down list. If you make a syntax error in a query, SmartLog shows a helpful error message that identifies the error and suggests a solution.