You can search for and filter log events in the Explore Logs page by entering queries in the search text box.
- Enter keywords, globs, or phrases in the search text box and click the Search button to find only events that contain the keywords.
Use the glob * in search terms for zero or more characters. For example, searching for vm* returns results that match VMware and VMtools.Note: You cannot use globs as the first character of a search term. For example, you can use 192.168.0.*, but you cannot use *.168.0.0 in your filtering queries.
- Select one or more partitions next to the search text box to analyze logs in the partition. You can select multiple indexed partitions, multiple non-indexed partitions, or the recall partition, but not all at the same time.
- Select a time range next to the partition drop-down menu to find events within the range. Time ranges are inclusive when filtering.
- Search for log events that match certain values of specific fields. Using text in quotes in the main search text box matches exact phrases. Entering space in the main search text box is a logical AND operator. The search uses only full tokens. For example, searching for "err" does not find "error" as a match.
- Enter the field search criteria or filters by using the drop-down menus and the text box above the list of log events.
Within a single-row filter, press Enter or Tab to separate multiple OR filters. For example, select hostname contains and type 127.0.0.1, press Enter, and type 127.0.0.2. The search returns events with the host name 127.0.0.1 or 127.0.0.2.
You can combine multiple field filters by creating a filter row for each field. You can toggle the operator that is applied to multiple-row filters .
Note: Regardless of the toggle value, the operator for multiple values within a single filter row is always OR.
- Select all to apply the AND operator.
- Select any to apply the OR operator.