Advanced Search - Overview

Using Advanced Search, you can easily interact with your data.

You can run simple and complex searches, save search elements and time ranges in the form of Bloks, and retrieve results to analyze failures or other anomalies.

The simple search mechanism retrieves all events that match the search terms. Advanced searches retrieve results by a "pipeline" concept, where expressions are separated by pipes ("|"). The LogLogic LMI search query language, Event Query Language (EQL), is intuitive and efficient. The search query supports searching large data and viewing results in seconds. A Structured Query Language (SQL) dialect is also supported.

For more information on how to form a search query and sample queries with explanation, see Search Syntax Reference.

The following Search and Time fields can be combined (by using AND) or used alone as described:

• If you define the time in either the Search or Time field, the results are retrieved for the specified time period.
• If you define the time in the Search field and Time field both, the results are retrieved for the intersection of the time periods.

You must specify time either in the Search or Time field.

By navigating to Management > Advanced Features > Queries and then to the Search page, you can view search queries that are currently running or are completed. From this page, you can select and delete any query, if required. Deleting the query from this page closes the Search tab for that query from the Advanced Search page.

For complex queries, you can create different types of Bloks that can be reused in future searches. Bloks are query fragments that can be easily referenced from queries. For detailed information about how to build and use Bloks, see Bloks.

For sample search examples, see Search Examples.

On the Advanced Search page, you can click to open multiple search tabs. You can run multiple searches using different search elements on the same data to analyze any anomalies.