The Search Field

You can enter queries in any of the supported languages (SQL or EQL), retrieving data from data models, with filters of any kind such as LIKE, regular expressions, comparison operators, math, functions, and so on. You can use single or multiple terms.

Enter USE to start an EQL statement and enter SELECT to start an SQL statement. You can search data based on Bloks. For details on how to add a new Blok or use the existing Bloks, see Bloks.

As you start typing, the Content Assist feature shows contextual matches and completions for each keyword in the Search field. Click to view results.

Note: Copying a query from a rich text application, such as Microsoft Word, into LogLogic LMI can interfere with processing of the query. For example, extraneous characters can be added to the query, or straight quotation marks (") can be replaced with curly quotation marks (“ and ”), which are not part of a correct query string. Therefore, when copying from a rich format source, review the search query syntax and correct any errors before proceeding.

For example, enter the following query in the Search field to retrieve events from the system data model within the last hour:

use system | sys_eventTime in -1h:NOW

The system data model refers to all the data in the system.
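
The review step in the note about pasting from rich text sources can be scripted so that substituted characters are listed before the query is run. This Python sketch is an added example, not part of LogLogic LMI or its documentation. The function name clean_query, the list of characters handled, and the column name example_column are assumptions, and the sample strings are constructed.

```python
import unicodedata

# Typographic characters that word processors substitute, mapped to the
# plain ASCII a query string is normally typed with (assumed list).
REPLACEMENTS = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"',   # curly double quotes
    "\u2018": "'", "\u2019": "'", "\u201a": "'",   # curly single quotes
    "\u2013": "-", "\u2014": "-", "\u2212": "-",   # en dash, em dash, minus sign
    "\u00a0": " ", "\u2009": " ", "\u202f": " ",   # non-breaking and thin spaces
}


def clean_query(query):
    """Return (cleaned_query, findings) for a pasted query string.

    findings holds (offset, codepoint, unicode_name, action) tuples so the
    substitutions can be reviewed instead of being applied silently.
    """
    out, findings = [], []
    for offset, ch in enumerate(query):
        code = f"U+{ord(ch):04X}"
        name = unicodedata.name(ch, "UNNAMED")
        if ch in REPLACEMENTS:
            out.append(REPLACEMENTS[ch])
            findings.append((offset, code, name, "replaced"))
        elif unicodedata.category(ch) == "Cf":
            # Invisible format characters (zero-width space, BOM, soft hyphen).
            findings.append((offset, code, name, "removed"))
        else:
            out.append(ch)
            if ord(ch) > 127:
                # Possibly a legitimate search term: keep it, but report it.
                findings.append((offset, code, name, "kept"))
    return "".join(out), findings


# Constructed samples: the page's EQL query with a non-breaking space and an
# en dash, and an SQL query (hypothetical column) with curly quotes and a
# trailing zero-width space.
PASTED_EQL = "use\u00a0system | sys_eventTime in \u20131h:NOW"
PASTED_SQL = "SELECT * FROM system WHERE example_column LIKE \u201c%failed%\u201d\u200b"

if __name__ == "__main__":
    for pasted in (PASTED_EQL, PASTED_SQL):
        cleaned, findings = clean_query(pasted)
        print(cleaned)
        for offset, code, name, action in findings:
            print(f"  offset {offset}: {code} {name} ({action})")
```

Characters reported as "kept" are left in place because non-ASCII text can be a valid search term; only the listed typographic substitutions and invisible format characters are changed.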