Configuring Search Results Settings

Procedure

  1. From the top right of the Index Search page, click the Options button. The Columns and Grouping window is displayed.
  2. Optionally, enter a filter keyword in the Keyword field to narrow the displayed columns in your report.
  3. Select or clear the check box next to a Column Name to include or exclude that column from your report. To change a column name, click the name; it becomes an editable field where you can make the change.
    Note: If you enter the same column name for two columns, the Index Search Results page displays the results for those two columns merged into one column.
  4. Click or to move the selected column.
  5. Choose the Display options.
    Display Options
    Element: Description
    Raw: Select this option to display Index Search Results (both the data in the columns and the original raw message) in ascending order by time.
    Grouped: Select this option to display Index Search Results (only the data in the columns, without the original raw message) grouped by the selected column.
    Group By: From the list, choose the column by which to group the search results. The default options are:
    • Time
    • Device IP
    • Device Source
    • Facility
    • Severity

    You can add more columns by creating custom tags using Log Labels.

    Time Interval: This option is enabled when you select Time under Group By. The results are grouped based on the specified time interval. Select the Time Interval from the following options:
    • Every 5 Minutes
    • Every 30 Minutes
    • Every Hour
    • Every 3 Hours
    • Every 6 Hours
    • Every 12 Hours
    • Every Day
    • Every Week
    Sum By: This optional setting sums the numerical values of the selected column, so that the Search Results Summary displays the sum for each group instead of the count of message instances.
    Aggregation Size: Select an option from the list. The results are sorted based on the selected option. The options are:
    • Top 1
    • Top 5
    • Top 50
    • All

      If the search returns multiple rows that have an identical log count, the Aggregation Size element treats those rows as a single result group. As a result, the Search Results tab might display more rows than the 'Top' option that was selected.

      For example, if there are seven result rows with log counts of 4, 7, 4, 0, 91, 235, and 1029, then the 'Top 5' option returns six rows (4, 7, 4, 91, 235, and 1029), because the two result rows that have an identical log count (4) are considered a single result group.

  6. Click Apply to apply the new settings. The Index Search Results page displays the refined search results.
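
The tie handling described under Aggregation Size, together with Group By, Time Interval and Sum By, sketched in Python as an added example (not the product's code). It assumes groups are ranked by descending count or sum; the sample rows, column names and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample rows (not product output); column names are hypothetical.
ROWS = [
    {"time": "2024-05-01T10:02:11", "device_ip": "10.0.0.5", "bytes": 120},
    {"time": "2024-05-01T10:04:40", "device_ip": "10.0.0.5", "bytes": 300},
    {"time": "2024-05-01T10:07:03", "device_ip": "10.0.0.9", "bytes": 80},
    {"time": "2024-05-01T10:31:59", "device_ip": "10.0.0.7", "bytes": 80},
]

# Log counts from the documentation's example, keyed by hypothetical group names.
PAGE_COUNTS = {"g1": 4, "g2": 7, "g3": 4, "g4": 0, "g5": 91, "g6": 235, "g7": 1029}


def bucket(ts, minutes):
    """Floor an ISO timestamp (treated as UTC) to the start of its interval."""
    epoch = int(datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp())
    floored = epoch - epoch % (minutes * 60)
    return datetime.fromtimestamp(floored, timezone.utc).strftime("%Y-%m-%d %H:%M")


def group(rows, group_by, interval_min=None, sum_by=None):
    """Group By a column (or Time with an interval); count rows or Sum By a column."""
    totals = defaultdict(int)
    for r in rows:
        key = bucket(r["time"], interval_min) if group_by == "time" else r[group_by]
        totals[key] += r[sum_by] if sum_by else 1
    return dict(totals)


def top_n(grouped, n):
    """Keep groups whose value is among the n highest distinct values.

    Rows with an identical value share one rank, so more than n rows can
    come back. n=None stands for the 'All' option.
    """
    if n is None:
        return dict(grouped)
    keep = set(sorted(set(grouped.values()), reverse=True)[:n])
    return {k: v for k, v in grouped.items() if v in keep}


if __name__ == "__main__":
    print(top_n(PAGE_COUNTS, 5))                               # six rows for 'Top 5'
    print(group(ROWS, "time", interval_min=5))                 # count per 5-minute bucket
    print(top_n(group(ROWS, "device_ip", sum_by="bytes"), 2))  # tie on 80 keeps three rows
```

When you read a 'Top' view during triage, count distinct values rather than rows: tied groups at the cutoff are all kept, so low-volume sources that share a count are not silently dropped.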