Advanced Search

Using Advanced Search, you can easily interact with your data. You can run simple and complex searches, save search elements and time ranges in the form of Bloks, and retrieve results to analyze failures or other anomalies.

The simple search mechanism retrieves every event that matches the search terms. Advanced searches instead follow a "pipeline" model: a query is a sequence of expressions separated by pipes ("|"), and each expression is applied to the results of the one before it. LogLogic LMI uses Event Query Language (EQL), an intuitive and efficient search query language that lets you search large data sets and view results in seconds. A Structured Query Language (SQL) dialect is also supported.

For more information about how to form a search query and sample queries, see Search Syntax Reference.

You must specify a time range in the Search field or the Time field, or in both. When both carry a time range they are combined with AND, as described:

  • If you define the time range in only one of the two fields (Search or Time), results are retrieved for that time period.
  • If you define a time range in both the Search field and the Time field, results are retrieved only for the period common to both ranges. If the two ranges do not overlap, the search returns no events.
Note: All date and time values are interpreted in the local time zone of the system on which LMI is installed, not in the browser's time zone. An analyst working from a different time zone must convert typed times accordingly.
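The following Python example illustrates the two rules above: the effective search window is the intersection of the Search-field range and the Time-field range (or whichever one is given), and a typed time is read in the appliance's zone rather than the browser's. It is an added illustration, not LMI code; the fixed UTC-5 appliance offset, the UTC+1 browser offset, the half-open window boundary and the sample event lines are all assumptions made for the example.

```python
"""Effective time window for an Advanced Search (illustration, not LMI code)."""
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

Window = Tuple[datetime, datetime]

# Assumed zones, expressed as fixed offsets so the example runs without tzdata:
# the LMI host is taken to be at UTC-5, the analyst's browser at UTC+1.
APPLIANCE_TZ = timezone(timedelta(hours=-5), "appliance-local")
BROWSER_TZ = timezone(timedelta(hours=1), "browser-local")


def as_appliance_time(value: str) -> datetime:
    """Interpret a naive 'YYYY-MM-DD HH:MM' value the way the documentation
    states LMI does: in the local zone of the installed system."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M").replace(tzinfo=APPLIANCE_TZ)


def zone_mismatch(value: str) -> timedelta:
    """Difference between the appliance's reading of a typed time and what an
    analyst thinking in browser time expected (positive: LMI reads it later)."""
    browser_reading = datetime.strptime(value, "%Y-%m-%d %H:%M").replace(tzinfo=BROWSER_TZ)
    return as_appliance_time(value) - browser_reading


def effective_window(search_window: Optional[Window],
                     time_field_window: Optional[Window]) -> Optional[Window]:
    """Combine the Search-field and Time-field ranges as described above.

    One range given: use it. Both given: AND them, i.e. take the common period.
    No overlap: return None, meaning the search yields no events.
    """
    if search_window is None and time_field_window is None:
        raise ValueError("a time range must be given in the Search field or the Time field")
    if search_window is None:
        return time_field_window
    if time_field_window is None:
        return search_window
    start = max(search_window[0], time_field_window[0])
    end = min(search_window[1], time_field_window[1])
    if start >= end:
        return None
    return (start, end)


def events_in_window(events: List[Tuple[str, str]], window: Optional[Window]) -> List[str]:
    """Return the messages whose timestamp falls in [start, end).
    Half-open boundaries are an assumption of this example."""
    if window is None:
        return []
    start, end = window
    return [msg for ts, msg in events if start <= as_appliance_time(ts) < end]


# Constructed sample events; timestamps are in appliance-local time.
SAMPLE_EVENTS = [
    ("2024-03-10 07:30", "sshd: Accepted publickey for ops from 10.0.0.8"),
    ("2024-03-10 10:15", "sshd: Failed password for root from 203.0.113.9"),
    ("2024-03-10 11:45", "sudo: ops : TTY=pts/0 ; COMMAND=/bin/systemctl restart auditd"),
    ("2024-03-10 13:20", "sshd: Failed password for root from 203.0.113.9"),
]

if __name__ == "__main__":
    search = (as_appliance_time("2024-03-10 08:00"), as_appliance_time("2024-03-10 12:00"))
    time_field = (as_appliance_time("2024-03-10 10:00"), as_appliance_time("2024-03-10 14:00"))
    window = effective_window(search, time_field)
    print("effective window:", window)
    for msg in events_in_window(SAMPLE_EVENTS, window):
        print("  ", msg)
    print("browser-vs-appliance shift for '09:00':", zone_mismatch("2024-03-10 09:00"))
```

Running the script shows that only the 10:15 and 11:45 events fall in the common period 10:00 to 12:00, and that a "09:00" typed by an analyst six hours east of the appliance is read six hours later than intended; widening the Time field to cover that shift is the usual fix.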
By navigating to Management > Advanced Features > Queries and then to the Search page, you can view search queries that are currently running or have completed. From this page, you can select and delete any query if required. Deleting a query from this page also closes that query's search tab on the Advanced Search page.
Note: Queries used in Advanced Dashboards are not listed on this page.

For complex queries, you can create different types of Bloks that can be reused in future searches. Bloks are query fragments that can be easily referenced from queries. For details about how to build and use Bloks, see Bloks.

For sample search examples, see Search Examples.

On the Advanced Search page, you can open multiple search tabs. You can run several searches with different search elements against the same data to analyze any anomalies.