|
|
|
A powerful query language lets you show only selected records from the log files, according to your criteria. To create complex queries, use Boolean operators, wildcards, fields, and ranges. The log search tool suggests, or automatically enters, an appropriate Boolean operator. This can be an implied AND operator, which does not explicitly show.
This section refers in detail to the query language.
When you use SmartConsole to create a query, the applicable criteria show in the Query search bar.
The basic query syntax is [<Field>:] <Filter Criterion>.
To put together many criteria in one query, use Boolean operators:
[<Field>:] <Filter Criterion> AND|OR|NOT [<Field>:] <Filter Criterion> ...
Most query keywords and filter criteria are not case sensitive, but there are some exceptions. For example, source:<X> is case sensitive (Source:<X> does not match). If your query results do not show the expected results, change the case of your query criteria, or try upper and lower case.
When you use queries with more than one criteria value, an AND is implied automatically, so there is no need to add it. Enter OR or other boolean operators if needed.
