You can use the list of existing fields to search log events with specific values for a field.

About this task

Important:

vRealize Log Insight indexes complete, alphanumeric, hyphen, and underscore characters.

Prerequisites

Verify that you are logged in to the vRealize Log Insight Web user interface. The URL format is https://log_insight-host, where log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

Procedure

  1. Navigate to the Interactive Analytics tab.
  2. Click Add Filter.
  3. In the filter row under the search text box, use the first drop-down menu to select any field defined within vRealize Log Insight.

    For example, hostname.

    The list contains all defined fields that are available statically, in content packs, and in custom content. Fields are sorted by name, except for the text field. Because text is a special field that refers to the message text, text appears at the top of the list, and is selected by default.

    Note:

    Numeric fields contain additional operators that string fields do not: =, >, <, >=, <=. These operators perform numeric comparisons and using them yields different results than using string operators. For example, the filter response_time = 02 will match an event that contains a response_time field with a value 2. The filter response_time contains 02 will not have the same match.

  4. In the filter row under the search text box, use the second drop-down menu to select the operation to apply to the field selected in the first drop-down menu.

    For example, select contains. The contains filter matches full tokens: searching for "err" will not find "error" as a match.

  5. In the text box to the right of the filter drop-down menu, type the value that you want to use as a filter.

    You can list multiple values separated by comma. The operator between these values is OR.

    Note:

    The text box is not available if you select the exists operator in the second drop-down menu.

  6. (Optional) : To add more filters, click Add Filter.

    A toggle button appears above the filter rows.

  7. (Optional) : For multiple filter rows, select the operator between filters.

    Option

    Description

    all

    Select to apply the AND operation between filter rows

    any

    Select to apply the OR operation between filter rows

    By default, all is selected.

  8. Click the Search button.

Search for a Group of Hosts that Have a Common String in Their Names

Assume that you have several hosts that have a host with the following name: w1-stvc-205-prod3, and another host that is called w1-stvc-206-prod5.

To find all logs for both hosts, create the following query.

  1. 1. Leave the search text box empty.

  2. Define the filter.

    1. Select hostname from the field drop-down menu.

    2. Select starts with from the operator drop-down menu.

    3. Type w1-stvc in the value text box.

    Alternatively, you can use the contains operator, but then you must use a glob in the search value. In this example, you must type w1-stvc-* in the value text box.

  3. Click the Search button.

What to do next

You can save the current query to load it at a later stage.