Specifying Filters for Index Searches

The following are examples of how to use the getReport filters parameter to specify search filters for Index Search or Index Report queries.

Index Search

There are two ways to specify search filters with Index Search:

  • Specify a pre-defined search filter that contains a Boolean search expression:

    Example:

    SOAP request with the predefined Boolean Search filter:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rep="ReportService">
       <soapenv:Header/>
       <soapenv:Body>
          <rep:getReport>
             <!-- Sample getReport call for an Index Search that selects a saved (pre-defined) search filter by name. -->
             <!-- NOTE(review): authToken appears to carry username/password in clear text inside the message body.
                  Substitute your own account (preferably a dedicated least-privilege API user rather than an
                  administrator), keep the value out of scripts and version control, and send the request only over HTTPS. -->
             <!--Optional:-->
             <rep:authToken>admin/admin123</rep:authToken>
             <!--Optional:-->
             <rep:applianceIP>10.114.81.43</rep:applianceIP>
             <!-- reportType 1 is the value this page uses for Index Search. -->
             <rep:reportType>1</rep:reportType>
             <!--Optional:-->
             <rep:reportName>SearchExpressionHits</rep:reportName>
             <!--Optional:-->
             <rep:sourceDeviceName>All</rep:sourceDeviceName>
             <!--Optional:-->
             <rep:timeRangeType>SpecificTime</rep:timeRangeType>
             <!-- fromTime and toTime bound the search window; both carry an explicit UTC offset. -->
             <!--Optional:-->
             <rep:fromTime>2019-03-12T15:38:59.000-07:00</rep:fromTime>
             <!--Optional:-->
             <rep:toTime>2019-03-12T16:38:59.000-07:00</rep:toTime>
             <!--Optional:-->
             <rep:sortColumn></rep:sortColumn>
             <!-- Filter syntax as shown on this page: /name/=/value/. Here "predefined" names the saved
                  search filter (boolen_sf1) whose Boolean expression is applied. -->
             <!--Zero or more repetitions:-->
             <rep:filters>/predefined/=/boolen_sf1/</rep:filters>
             <!-- startRow and numberRowsToRetrieve select the slice of results returned (presumably for paging; confirm). -->
             <rep:startRow>0</rep:startRow>
             <rep:numberRowsToRetrieve>1111</rep:numberRowsToRetrieve>
          </rep:getReport>
       </soapenv:Body>
    </soapenv:Envelope>
    
    SOAP response for predefined Boolean Search filter:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header/>
       <soapenv:Body>
          <ns:getReportResponse xmlns:ns="ReportService">
             <ns:return xsi:type="ax225:ReportResultSet" xmlns:ax225="http://report.services.logapp.loglogic.com/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <ax225:columnNames xsi:type="ax225:ReportColumns">
                   <ax225:columnCount>7</ax225:columnCount>
                   <ax225:columns>Time</ax225:columns>
                   <ax225:columns>Device IP</ax225:columns>
                   <ax225:columns>Device Source</ax225:columns>
                   <ax225:columns>Facility</ax225:columns>
                   <ax225:columns>Severity</ax225:columns>
                   <ax225:columns>LogRefId</ax225:columns>
                   <ax225:columns>Message</ax225:columns>
                </ax225:columnNames>
                <ax225:endTime>2019-03-12T16:38:00.000-07:00</ax225:endTime>
                <ax225:errorCause>0</ax225:errorCause>
                <ax225:errorCode>0</ax225:errorCode>
                <ax225:records xsi:type="ax225:ReportRecords">
                   <ax225:recordCount>1111</ax225:recordCount>
                   <ax225:theRecords xsi:type="ax225:Record">
                      <ax225:columnValues>03/12/19 15:38:01</ax225:columnValues>
                      <ax225:columnValues>10.114.81.43</ax225:columnValues>
                      <ax225:columnValues>::ffff:10.114.81.43_logapp</ax225:columnValues>
                      <ax225:columnValues>1</ax225:columnValues>
                      <ax225:columnValues>6</ax225:columnValues>
                      <ax225:columnValues>7f000001|932FA7370|1|2</ax225:columnValues>
                      <ax225:columnValues>&lt;14>Mar 12 15:38:01 logapp MGMT: %LOGLOGIC-6 module:engine_collector(1401);  file:stlog.c(InsertBFQMetaData,677);  action:STDF: INSERT INTO logapprtrpt.stDataFiles (time, filename, messages, timespan, originalFilesize,  checksum, checksumType, compressed, compressedFilesize,  compressionLevel, expiration, indexRetention,insertOrder,fileKey)  VALUES (1552430220, '/loglogic/data/vol1/2019/03/12/2200/rawdata_10038_1552430220_60-365.txt.gz', 137, 60, 20724, '29f8f5d6acc5638cfc73dc3b807119a2', 1, 1, 262144, 1, 1583966281, 365,1552430281070,100382019031222000)   ;</ax225:columnValues>
                   </ax225:theRecords>
                   <ax225:theRecords xsi:type="ax225:Record">
                      <ax225:columnValues>03/12/19 15:38:01</ax225:columnValues>
                      <ax225:columnValues>127.0.0.1</ax225:columnValues>
                      <ax225:columnValues>::ffff:127.0.0.1_General</ax225:columnValues>
                      <ax225:columnValues>17</ax225:columnValues>
                      <ax225:columnValues>7</ax225:columnValues>
                      <ax225:columnValues>7f000001|932FA7370|2|2</ax225:columnValues>
                      <ax225:columnValues>&lt;143>Mar 12 15:38:01 logapp DEBUG c.l.l.c.m.ConfigPollingCollectorManager  - [MANAGER       - lspc                ] - Checking for configuration changes...</ax225:columnValues>
                   </ax225:theRecords>
                   <ax225:theRecords xsi:type="ax225:Record">
                      <ax225:columnValues>03/12/19 15:38:02</ax225:columnValues>
                      <ax225:columnValues>10.114.81.43</ax225:columnValues>
                      <ax225:columnValues>::ffff:10.114.81.43_logapp</ax225:columnValues>
                      <ax225:columnValues>1</ax225:columnValues>
                      <ax225:columnValues>6</ax225:columnValues>
                      <ax225:columnValues>7f000001|932FA7370|3|2</ax225:columnValues>
                      <ax225:columnValues>&lt;14>Mar 12 15:38:01 logapp MGMT: %LOGLOGIC-6 module:engine_lx_parser(30479);  file:rtf_r.c(rtf_remove_file,245);  action:closing 0 offset 20724 /loglogic/data/vol1/2019/03/12/2200/rawdat
  • Specify a Boolean expression:

    Example:

    SOAP request with the specified Boolean-search-expression:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rep="ReportService">
       <soapenv:Header/>
       <soapenv:Body>
          <rep:getReport>
             <!-- Sample getReport call for an Index Search that passes the Boolean expression inline. -->
             <!-- NOTE(review): authToken appears to be username/password in clear text; use your own
                  least-privilege account here and send the request only over HTTPS. -->
             <!--Optional:-->
             <rep:authToken>admin/admin123</rep:authToken>
             <!--Optional:-->
             <rep:applianceIP>10.114.81.43</rep:applianceIP>
             <!-- reportType 1 is the value this page uses for Index Search. -->
             <rep:reportType>1</rep:reportType>
             <!--Optional:-->
             <rep:reportName>SearchExpressionHits</rep:reportName>
             <!--Optional:-->
             <rep:sourceDeviceName>All</rep:sourceDeviceName>
             <!--Optional:-->
             <rep:timeRangeType>SpecificTime</rep:timeRangeType>
             <!--Optional:-->
             <rep:fromTime>2019-03-12T15:38:59.000-07:00</rep:fromTime>
             <!--Optional:-->
             <rep:toTime>2019-03-12T16:38:59.000-07:00</rep:toTime>
             <!--Optional:-->
             <rep:sortColumn></rep:sortColumn>
             <!-- fullTextSrchCriteria carries the Boolean expression itself (here: admin AND login). -->
             <!-- NOTE(review): the value sits between "/" delimiters, so an expression assembled from user
                  input should be validated and XML-escaped before it is inserted here; confirm how the
                  service treats "/" inside the value. -->
             <!--Zero or more repetitions:-->
             <rep:filters>/fullTextSrchCriteria/=/admin AND login/</rep:filters>
             <rep:startRow>0</rep:startRow>
             <rep:numberRowsToRetrieve>1111</rep:numberRowsToRetrieve>
          </rep:getReport>
       </soapenv:Body>
    </soapenv:Envelope>
    Note: The Boolean expression is case-insensitive.
    SOAP response with the specified Boolean-search-expression:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header/>
       <soapenv:Body>
          <ns:getReportResponse xmlns:ns="ReportService">
             <ns:return xsi:type="ax225:ReportResultSet" xmlns:ax225="http://report.services.logapp.loglogic.com/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <!-- columnNames lists the column headers; each Record below supplies its columnValues in the same order. -->
                <ax225:columnNames xsi:type="ax225:ReportColumns">
                   <ax225:columnCount>7</ax225:columnCount>
                   <ax225:columns>Time</ax225:columns>
                   <ax225:columns>Device IP</ax225:columns>
                   <ax225:columns>Device Source</ax225:columns>
                   <ax225:columns>Facility</ax225:columns>
                   <ax225:columns>Severity</ax225:columns>
                   <ax225:columns>LogRefId</ax225:columns>
                   <ax225:columns>Message</ax225:columns>
                </ax225:columnNames>
                <ax225:endTime>2019-03-12T16:38:00.000-07:00</ax225:endTime>
                <!-- errorCause and errorCode are both 0 in this sample; presumably 0 means no error (confirm against the API reference). -->
                <ax225:errorCause>0</ax225:errorCause>
                <ax225:errorCode>0</ax225:errorCode>
                <ax225:records xsi:type="ax225:ReportRecords">
                   <ax225:recordCount>1</ax225:recordCount>
                   <ax225:theRecords xsi:type="ax225:Record">
                      <ax225:columnValues>03/12/19 15:53:05</ax225:columnValues>
                      <ax225:columnValues>10.114.81.43</ax225:columnValues>
                      <ax225:columnValues>::ffff:10.114.81.43_logapp</ax225:columnValues>
                      <ax225:columnValues>22</ax225:columnValues>
                      <ax225:columnValues>6</ax225:columnValues>
                      <ax225:columnValues>7f000001|932FA7460|2A|2</ax225:columnValues>
                      <!-- The Message column holds the raw log line. It is text produced by the logging source, so
                           escape it before rendering it in HTML or passing it to another parser. As this sample
                           shows, it can also contain user names, client addresses and session identifiers, so
                           restrict who may run and store these reports. -->
                      <ax225:columnValues>&lt;182> Mar 12 15:53:05 10.114.81.43 %LOGLOGIC-6-3100: user:admin;  module:user_intfc;  action:login;  status:success;  session_id:1924681796;  client_ip:10.98.192.195;  target_ip:10.114.81.43;  info: orig_session_id,72B85044EB6B0AF95847E441BDDB37AB,</ax225:columnValues>
                   </ax225:theRecords>
                </ax225:records>
                <ax225:reportName>Index Search</ax225:reportName>
                <ax225:startTime>2019-03-12T15:38:00.000-07:00</ax225:startTime>
             </ns:return>
          </ns:getReportResponse>
       </soapenv:Body>
    </soapenv:Envelope>
    

Index Report

Using Index Report, you can specify multiple pre-defined Boolean search filters:

Example:

SOAP request for Index Report for pre-defined Boolean search filters:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rep="ReportService">
   <soapenv:Header/>
   <soapenv:Body>
      <rep:getReport>
         <!-- Sample getReport call for an Index Report over several saved (pre-defined) search filters. -->
         <!-- NOTE(review): authToken appears to be username/password in clear text; use your own
              least-privilege account here and send the request only over HTTPS. -->
         <!--Optional:-->
         <rep:authToken>admin/admin123</rep:authToken>
         <!--Optional:-->
         <rep:applianceIP>10.114.81.43</rep:applianceIP>
         <!-- reportType 3 is the value this page uses for Index Report. -->
         <rep:reportType>3</rep:reportType>
         <!--Optional:-->
         <rep:reportName>indexR1</rep:reportName>
         <!--Optional:-->
         <rep:sourceDeviceName>All</rep:sourceDeviceName>
         <!--Optional:-->
         <rep:timeRangeType>SpecificTime</rep:timeRangeType>
         <!--Optional:-->
         <rep:fromTime>2019-03-12T15:38:59.000-07:00</rep:fromTime>
         <!--Optional:-->
         <rep:toTime>2019-03-12T16:38:59.000-07:00</rep:toTime>
         <!--Optional:-->
         <rep:sortColumn></rep:sortColumn>
         <!-- For Index Report the fullTextSrchCriteria value is a comma-separated list of saved
              search filter names (here sf2 and sf3), not an inline expression. -->
         <!--Zero or more repetitions:-->
         <rep:filters>/fullTextSrchCriteria/=/sf2,sf3/</rep:filters>
         <rep:startRow>0</rep:startRow>
         <rep:numberRowsToRetrieve>1111</rep:numberRowsToRetrieve>
      </rep:getReport>
   </soapenv:Body>
</soapenv:Envelope>
SOAP response for Index Report:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header/>
   <soapenv:Body>
      <ns:getReportResponse xmlns:ns="ReportService">
         <ns:return xsi:type="ax225:ReportResultSet" xmlns:ax225="http://report.services.logapp.loglogic.com/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <!-- Summary result: one row per search filter, with a hit count and a detail token for drill-down. -->
            <ax225:columnNames xsi:type="ax225:ReportColumns">
               <ax225:columnCount>5</ax225:columnCount>
               <ax225:columns>Search Filter Name</ax225:columns>
               <ax225:columns>Description</ax225:columns>
               <ax225:columns>Search Terms</ax225:columns>
               <ax225:columns>Count</ax225:columns>
               <ax225:columns>LLDetailTokenRef</ax225:columns>
            </ax225:columnNames>
            <ax225:endTime>2019-03-12T16:38:59.000-07:00</ax225:endTime>
            <!-- errorCause and errorCode are both 0 in this sample; presumably 0 means no error (confirm against the API reference). -->
            <ax225:errorCause>0</ax225:errorCause>
            <ax225:errorCode>0</ax225:errorCode>
            <ax225:records xsi:type="ax225:ReportRecords">
               <ax225:recordCount>1</ax225:recordCount>
               <!-- NOTE(review): this sample row is for filter sf1, while the sample request on this page lists
                    sf2,sf3; the two samples appear to come from different runs. -->
               <ax225:theRecords xsi:type="ax225:Record">
                  <ax225:columnValues>sf1</ax225:columnValues>
                  <!-- Empty element: this filter has no description. -->
                  <ax225:columnValues/>
                  <ax225:columnValues>logapp</ax225:columnValues>
                  <ax225:columnValues>8474</ax225:columnValues>
                  <!-- LLDetailTokenRef: pass this value back unchanged in a Detail Report request. In this sample it
                       is plain Base64 of comma-separated report parameters (report name, search terms, count),
                       so it is an encoding and not a secret or an integrity-protected value; access to the
                       detail rows should rest on the caller's authentication, not on possession of the token. -->
                  <ax225:columnValues>U2VhcmNoRXhwcmVzc2lvbkhpdHMsQWxsLDIsZnVsbFRleHRTcmNoQ3JpdGVyaWEsbG9nYXBwLHRvdGFsQ291bnQsODQ3NCxleHByZXNzaW9uLGZ1bGxUZXh0U3JjaENyaXRlcmlhLGRldmljZVR5cGUsYWxsLGluZGV4UjE=</ax225:columnValues>
               </ax225:theRecords>
            </ax225:records>
            <ax225:reportName>indexR1</ax225:reportName>
            <ax225:startTime>2019-03-12T15:38:59.000-07:00</ax225:startTime>
         </ns:return>
      </ns:getReportResponse>
   </soapenv:Body>
</soapenv:Envelope>

Specifying Filters for Detail Report

When the target report is a summary report, the response includes an extra column, LLDetailTokenRef. You can use this value to retrieve the detail report for the row that you want to drill down into. To do so, set the report type to 4 and provide the detail token in the filters parameter. The values of the reportName and sourceDeviceName parameters are ignored for this report type. The following example shows how to use the getReport filters parameter to specify a filter for Detail Report queries:

Example:

SOAP request for Detail Report queries:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rep="ReportService">
   <soapenv:Header/>
   <soapenv:Body>
      <rep:getReport>
         <!-- Sample getReport call that drills down from one summary row to its detail records. -->
         <!-- NOTE(review): authToken appears to be username/password in clear text; use your own
              least-privilege account here and send the request only over HTTPS. -->
         <!--Optional:-->
         <rep:authToken>admin/admin123</rep:authToken>
         <!--Optional:-->
         <rep:applianceIP>10.114.81.43</rep:applianceIP>
         <!-- reportType 4 requests a Detail Report. -->
         <rep:reportType>4</rep:reportType>
         <!-- Per the text on this page, reportName and sourceDeviceName are ignored for this report type. -->
         <!--Optional:-->
         <rep:reportName>indexR1</rep:reportName>
         <!--Optional:-->
         <rep:sourceDeviceName>All</rep:sourceDeviceName>
         <!--Optional:-->
         <rep:timeRangeType>SpecificTime</rep:timeRangeType>
         <!--Optional:-->
         <rep:fromTime>2019-03-12T15:38:59.000-07:00</rep:fromTime>
         <!--Optional:-->
         <rep:toTime>2019-03-12T16:38:59.000-07:00</rep:toTime>
         <!--Optional:-->
         <rep:sortColumn></rep:sortColumn>
         <!-- The filter value is the LLDetailTokenRef column copied unchanged from the summary report row
              to drill into. -->
         <!--Zero or more repetitions:-->
         <rep:filters>/LLDetailTokenRef/=/U2VhcmNoRXhwcmVzc2lvbkhpdHMsQWxsLDIsZnVsbFRleHRTcmNoQ3JpdGVyaWEsbG9nYXBwLHRvdGFsQ291bnQsODQ3NCxleHByZXNzaW9uLGZ1bGxUZXh0U3JjaENyaXRlcmlhLGRldmljZVR5cGUsYWxsLGluZGV4UjE=/</rep:filters>
         <rep:startRow>0</rep:startRow>
         <rep:numberRowsToRetrieve>1111</rep:numberRowsToRetrieve>
      </rep:getReport>
   </soapenv:Body>
</soapenv:Envelope>

SOAP response for Detail Report queries:

The following is one example of the response:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header/>
   <soapenv:Body>
      <ns:getReportResponse xmlns:ns="ReportService">
         <ns:return xsi:type="ax225:ReportResultSet" xmlns:ax225="http://report.services.logapp.loglogic.com/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax225:columnNames xsi:type="ax225:ReportColumns">
               <ax225:columnCount>7</ax225:columnCount>
               <ax225:columns>Time</ax225:columns>
               <ax225:columns>Device IP</ax225:columns>
               <ax225:columns>Device Source</ax225:columns>
               <ax225:columns>Facility</ax225:columns>
               <ax225:columns>Severity</ax225:columns>
               <ax225:columns>LogRefId</ax225:columns>
               <ax225:columns>Message</ax225:columns>
            </ax225:columnNames>
            <ax225:endTime>2019-03-12T16:38:00.000-07:00</ax225:endTime>
            <ax225:errorCause>0</ax225:errorCause>
            <ax225:errorCode>0</ax225:errorCode>
            <ax225:records xsi:type="ax225:ReportRecords">
               <ax225:recordCount>1111</ax225:recordCount>
               <ax225:theRecords xsi:type="ax225:Record">
                  <ax225:columnValues>03/12/19 15:38:01</ax225:columnValues>
                  <ax225:columnValues>10.114.81.43</ax225:columnValues>
                  <ax225:columnValues>::ffff:10.114.81.43_logapp</ax225:columnValues>
                  <ax225:columnValues>1</ax225:columnValues>
                  <ax225:columnValues>6</ax225:columnValues>
                  <ax225:columnValues>7f000001|932FA7370|1|2</ax225:columnValues>
                  <ax225:columnValues>&lt;14>Mar 12 15:38:01 logapp MGMT: %LOGLOGIC-6 module:engine_collector(1401);  file:stlog.c(InsertBFQMetaData,677);  action:STDF: INSERT INTO logapprtrpt.stDataFiles (time, filename, messages, timespan, originalFilesize,  checksum, checksumType, compressed, compressedFilesize,  compressionLevel, expiration, indexRetention,insertOrder,fileKey)  VALUES (1552430220, '/loglogic/data/vol1/2019/03/12/2200/rawdata_10038_1552430220_60-365.txt.gz', 137, 60, 20724, '29f8f5d6acc5638cfc73dc3b807119a2', 1, 1, 262144, 1, 1583966281, 365,1552430281070,100382019031222000)   ;</ax225:columnValues>
               </ax225:theRecords>
               <ax225:theRecords xsi:type="ax225:Record">
                  <ax225:columnValues>03/12/19 15:38:01</ax225:columnValues>
                  <ax225:columnValues>127.0.0.1</ax225:columnValues>
                  <ax225:columnValues>::ffff:127.0.0.1_General</ax225:columnValues>
                  <ax225:columnValues>17</ax225:columnValues>
                  <ax225:columnValues>7</ax225:columnValues>
                  <ax225:columnValues>7f000001|932FA7370|2|2</ax225:columnValues>
                  <ax225:columnValues>&lt;143>Mar 12 15:38:01 logapp DEBUG c.l.l.c.m.ConfigPollingCollectorManager  - [MANAGER       - lspc                ] - Checking for configuration changes...</ax225:columnValues>
               </ax225:theRecords>
               <ax225:theRecords xsi:type="ax225:Record">
                  <ax225:columnValues>03/12/19 15:38:02</ax225:columnValues>
                  <ax225:columnValues>10.114.81.43</ax225:columnValues>
                  <ax225:columnValues>::ffff:10.114.81.43_logapp</ax225:columnValues>
                  <ax225:columnValues>1</ax225:columnValues>
                  <ax225:columnValues>6</ax225:columnValues>
                  <ax225:columnValues>7f000001|932FA7370|3|2</ax225:columnValues>
                  <ax225:columnValues>&lt;14>Mar 12 15:38:01 logapp MGMT: %LOGLOGIC-6 module:engine_lx_parser(30479);  file:rtf_r.c(rtf_remove_file,245);  action:closing 0 offset 20724 /loglogic/data/vol1/2019/03/12/2200/rawdata_10038_1552430220_60-365.txt.gz ;</ax225:columnValues>
               </ax225:theRecords>
               <ax225:theRecords xsi:type="ax225:Record">
                  <ax225:columnValues>03/12/19 15:38:02</ax225:columnValues>
                  <ax225:columnValues>10.114.81.43</ax225:columnValues>
                  <ax225:columnValues>::ffff:10.114.81.43_logapp</ax225:columnValues>
                  <ax225:columnValues>1</ax225:columnValues>
                  <ax225:columnValues>6</ax225:columnValues>
                  <ax225:columnValues>7f000001|932FA7370|4|2</ax225:columnValues>
                  <ax225:columnValues>&lt;14>Mar 12 15:38:01 logapp MGMT: %LOGLOGIC-6 module:engine_lx_parser(30479);  file:rtf_r.c(rtf_open_files,490);  action:opening current file at time 1552430281 Tue Mar 12 15:38:01 2019  ;</ax225:columnValues>
               </ax225:theRecords>
               <ax225:theRecords xsi:type="ax225:Record">
                  <ax225:columnValues>03/12/19 15:38:07</ax225:columnValues>
                  <ax225:columnValues>10.114.81.43</ax225:columnValues>
                  <ax225:columnValues>::ffff:10.114.81.43_logapp</ax225:columnValues>