Running a search
In the Finder tab of the Data Search area you can run a search in three different ways:
Selecting tag elements from the Finder lists
An intuitive way to query is by using the four tag level lists in the Finder tab. The four lists, from left to right, correspond to the four tag elements. These are technology, application, type, and subtype. When you select a tag level in the first box on the left, the lists in the other boxes will be filtered to display only the levels that the selected tag structures have.
Suppose, for example, you want to view the data table that collects the heartbeat events from the active relays. In this case, you could select, from left to right, syslog, relay, and conf. This will show the table of events with the syslog.relay.conf tag.
Once you select the final level of the tag, the selected data table will open to display its contents.
Tables with a large number of columns can be cumbersome to work with in the query window and often, many of the columns will not be relevant to the query you want to create. In these cases, you can select the columns that you want to show or hide in the query window, before you open the table. To do this, use the ellipsis menu on the final level of the tag and choose Show / Hide Columns.
This opens a window that lets you select the columns you want to show (checked) and the ones you want to hide (unchecked). Click Apply and the table opens in the query window showing only the columns you selected. You can use the Column Operations options to further customize the display of columns in your table.
Running a global search
Users with the necessary permissions can run a global search in Devo to find events across all the data tables.
- Go to Data Search → Finder, then open the Global Search tab.
- Enter the expression to search for. You can use standard AND and OR operators, use an asterisk ( * ) as a wild card, or quotation marks ( "" ) to indicate exact expressions.
For example: firstname.lastname@example.orgORuser2@domain.comAND"illegal access"AND*Apache
- Select the time period over which you want to search.
Use the toggles to include or exclude tables from the search. Click All Unchecked or All Checked to exclude or include all the tables to facilitate table selection.
Press ENTER on your keyboard to run the search.
The data table will open to display all of the events that match the parameters of your search.
Running a LINQ free text query
For users with the necessary permissions and familiar with LINQ scripting, the free text query can be a convenient option for querying data.
Go to Data Search → Finder, then open the Free Text Query tab.
Enter your LINQ query and click Run. If there are syntax errors, you will be alerted to make corrections. Otherwise, the data table will open to display the results of your query.
Some LINQ examples are displayed in the Help area on the right side of the window.
For more information, see the LINQ article.
Have we answered your question?
If not, please contact our technical support team via email by clicking the button below.CONTACT US