# Search ### Search Search queries can be formed using Lucene Query search syntax. The search field can be left empty by default. In such cases, the queries will be treated as a wildcard search and return all the rows for the given time range. You can formulate the queries as follows – **Phrase** – Search for a specific text appearing in the event log. Use lowercase if possible and wrap the text within quotes, esp if the phrase contains stop words (such as full stops or dashes) or whitespace. Phrase search example – userId, caseId, “SOAP Fault Detail”, "CASE-12345". **Fields** – The following fields are available for log events * app – Application type. e.g. – cm, bz, mdm, env etc * appsvr – WebSphere Application Server. e.g. – server01, server02 * logtype – type of log. e.g. – systemout, systemerr etc * lpar – LPAR name. e.g. – prd101, prd102 etc * tier – online or background. e.g. – onl, bg * elapsedtime – elapsed time in milliseconds for the method * methodname – name of the method. e.g. – GetItem * lpar – LPAR name. e.g. – prd101, prd102 etc * ipaddr – IP address of the client associated with the request * userid – user ID **Boolean Operators** – Use Boolean operators for more control. Prefix terms by + or – signs. This is interpreted as follows + (this term **must** be present) and - (this term **must not** be present). All other appearing terms are considered optional. You can also use **AND**, **OR** and **NOT** (You can also write **&&**, **||** and **!**). The operators are case sensitive and you must specify the operators in upper case. **Wildcards** – Wildcard searches can used on individual terms. Use ? to replace a single character, and \* to replace zero or more characters. Avoid wildcards when possible as they are not very efficient. **Grouping** – Grouping can be used to combine multiple terms within parentheses and form sub-queries. For example - methodname:( getAvailableCategoriesForUser OR searchGoldCustomer) **Ranges** – Ranges can be specified for date, numeric or string fields. Inclusive ranges are specified with square brackets \[min TO max] and exclusive ranges with curly brackets {min TO max}. One can also use >, >=, <, <= for unbounded ranges. Once can also use wildcards instead of providing upper or lower bounds. For example - elapsedtime:\[5000 TO \*] **Regular Expressions** – Regular expression patterns can be embedded in the query string by wrapping them in forward-slashes ("/"). Use regular expressions with extreme caution. **Fuzzy Searches** – Fuzzy searches allow you to look for terms similar to but not exactly like the search term. Typically, search looks for exact terms but with proximity search you can also look for words in different order or further apart from each other. ### Query Examples Return events which took more than 5 seconds ``` elapsedtime:>5000 ``` Return events for GetItem method which took more than 5 seconds ``` getitem AND elapsedtime:>5000 ``` Return events for a specific method which took more than 5 seconds ``` methodname:claimsgetnext AND elapsedtime:> 5000 ``` Grouping example to return events for methods which took more than 5 seconds for specific user Ids ``` elapsedtime:>5000 AND userid:(bob OR alice) ``` Search for a specific phrase. Put the phrase within double quotes ``` "SQLCODE=-911" ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.invariant.io/operational-insight/search.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.