Search
Search
Search queries can be formed using Lucene Query search syntax. The search field can be left empty by default. In such cases, the queries will be treated as a wildcard search and return all the rows for the given time range. You can formulate the queries as follows –
Phrase – Search for a specific text appearing in the event log. Use lowercase if possible and wrap the text within quotes, esp if the phrase contains stop words (such as full stops or dashes) or whitespace.
Phrase search example – userId, caseId, “SOAP Fault Detail”, "CASE-12345".
Fields – The following fields are available for log events
app – Application type. e.g. – cm, bz, mdm, env etc
appsvr – WebSphere Application Server. e.g. – server01, server02
logtype – type of log. e.g. – systemout, systemerr etc
lpar – LPAR name. e.g. – prd101, prd102 etc
tier – online or background. e.g. – onl, bg
elapsedtime – elapsed time in milliseconds for the method
methodname – name of the method. e.g. – GetItem
lpar – LPAR name. e.g. – prd101, prd102 etc
ipaddr – IP address of the client associated with the request
userid – user ID
Boolean Operators – Use Boolean operators for more control. Prefix terms by + or – signs. This is interpreted as follows + (this term must be present) and - (this term must not be present). All other appearing terms are considered optional. You can also use AND, OR and NOT (You can also write &&, || and !). The operators are case sensitive and you must specify the operators in upper case.
Wildcards – Wildcard searches can used on individual terms. Use ? to replace a single character, and * to replace zero or more characters. Avoid wildcards when possible as they are not very efficient.
Grouping – Grouping can be used to combine multiple terms within parentheses and form sub-queries. For example - methodname:( getAvailableCategoriesForUser OR searchGoldCustomer)
Ranges – Ranges can be specified for date, numeric or string fields. Inclusive ranges are specified with square brackets [min TO max] and exclusive ranges with curly brackets {min TO max}. One can also use >, >=, <, <= for unbounded ranges. Once can also use wildcards instead of providing upper or lower bounds. For example - elapsedtime:[5000 TO *]
Regular Expressions – Regular expression patterns can be embedded in the query string by wrapping them in forward-slashes ("/"). Use regular expressions with extreme caution.
Fuzzy Searches – Fuzzy searches allow you to look for terms similar to but not exactly like the search term. Typically, search looks for exact terms but with proximity search you can also look for words in different order or further apart from each other.
Query Examples
Return events which took more than 5 seconds
Return events for GetItem method which took more than 5 seconds
Return events for a specific method which took more than 5 seconds
Grouping example to return events for methods which took more than 5 seconds for specific user Ids
Search for a specific phrase. Put the phrase within double quotes
Last updated