custom search message field

You need additional help with phplogcon, then write into this forum.

Google Ads


custom search message field

Postby inside_noc » Thu Dec 13, 2012 9:52 am

Hello everyone.

I'm new to loganalyzer, just learning. I've encountered the following problem with custom search:
task is to search message field with several search strings using OR logic, filter has the following format filter=string1,string2. But it's not working. Filter works fine using string1 and string2 separately. What I'am doing wrong?

Thanks in advance.
inside_noc
New
 
Posts: 4
Joined: Thu Dec 13, 2012 9:41 am

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Re: custom search message field

Postby alorbach » Fri Dec 14, 2012 12:29 pm

Can you post a sample? If you look to the sample the search string should look like this:
filter=field:=string1,string2
Or URL Replaced like this:
filter=field%3A%3Dstring1%2Cstring2

best regards,
Andre
alorbach
Site Admin
 
Posts: 1626
Joined: Thu Feb 13, 2003 11:55 am

Re: custom search message field

Postby inside_noc » Tue Dec 18, 2012 7:15 am

alorbach wrote:Can you post a sample? If you look to the sample the search string should look like this:
filter=field:=string1,string2
Or URL Replaced like this:
filter=field%3A%3Dstring1%2Cstring2

best regards,
Andre


Hello Andre,

sample search filter:

filter=POS,TenGigabit
inside_noc
New
 
Posts: 4
Joined: Thu Dec 13, 2012 9:41 am

Re: custom search message field

Postby alorbach » Tue Dec 18, 2012 10:45 am

The field is missing, in this case you are doing a full string search on message field for "POS,TenGigabit".
Do you want to search for multiple strings within the Message field? In this case just use
filter=POS TenGigabit

The Message field works a little different than the other fields when performing searches.
More details here: http://loganalyzer.adiscon.com/doc/searching.html
alorbach
Site Admin
 
Posts: 1626
Joined: Thu Feb 13, 2003 11:55 am

Re: custom search message field

Postby inside_noc » Wed Dec 19, 2012 10:52 am

alorbach wrote:The field is missing, in this case you are doing a full string search on message field for "POS,TenGigabit".
Do you want to search for multiple strings within the Message field? In this case just use
filter=POS TenGigabit

The Message field works a little different than the other fields when performing searches.
More details here: http://loganalyzer.adiscon.com/doc/searching.html


Thanks, you are right. I've tested filter=POS INIT It showed messages related to POS INIT and also POS DOWN for example - OR logic is working, but it works within a single MSG. If we have two messages, first is POS and second is TenGigabit -> this method doesn't work...Is it possible to create filter which takes into account more than one message for comparison using OR logic?
inside_noc
New
 
Posts: 4
Joined: Thu Dec 13, 2012 9:41 am

Re: custom search message field

Postby alorbach » Thu Dec 20, 2012 4:22 pm

I am afraid but OR filtering for the message field is not possible at the moment. This would require some deeper changes into the filtering logic.

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1626
Joined: Thu Feb 13, 2003 11:55 am

Re: custom search message field

Postby inside_noc » Fri Dec 21, 2012 6:56 am

alorbach wrote:I am afraid but OR filtering for the message field is not possible at the moment. This would require some deeper changes into the filtering logic.

best regards,
Andre Lorbach


Thanks Andre.
inside_noc
New
 
Posts: 4
Joined: Thu Dec 13, 2012 9:41 am

Re: custom search message field

Postby sclark » Thu Jan 10, 2013 9:43 pm

In release notes for 2.7.0 beta it says that you can do regular expression searches by prepending ~ to the search string. This does not seem to work. My source is from a postgresql database fed by rsyslog. I am using 3.6.1.
sclark
New
 
Posts: 5
Joined: Thu Jan 10, 2013 9:03 pm

Re: custom search message field

Postby alorbach » Fri Jan 11, 2013 11:24 am

Can you post a sample search string?
alorbach
Site Admin
 
Posts: 1626
Joined: Thu Feb 13, 2003 11:55 am

Re: custom search message field

Postby sclark » Fri Jan 11, 2013 3:25 pm

~SMTP|smtp

Trying to search for either SMTP or smtp in the message field.
sclark
New
 
Posts: 5
Joined: Thu Jan 10, 2013 9:03 pm

Re: custom search message field

Postby alorbach » Fri Jan 11, 2013 4:53 pm

This should actually work well. I will look into this and run some tests on my dev machine.

best regards,
Andre
alorbach
Site Admin
 
Posts: 1626
Joined: Thu Feb 13, 2003 11:55 am

Re: custom search message field

Postby alorbach » Fri Jan 11, 2013 5:33 pm

Hi,

I found indeed a bug in the ApplyFilters function of the basic Logstream class which caused a problem with most REGEX filters.
It will be fixed within the next minor update, if you want to test the fix you can download a snapshot from our Git Repository:
http://git.adiscon.com/?p=phplogcon.git ... 33a;sf=tgz

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1626
Joined: Thu Feb 13, 2003 11:55 am

Re: custom search message field

Postby sclark » Mon Jan 14, 2013 7:34 pm

Thanks Andre,

I would love to test the change but I am git challenged.
What git command do I use to fetch the snapshot?
sclark
New
 
Posts: 5
Joined: Thu Jan 10, 2013 9:03 pm

Re: custom search message field

Postby sclark » Mon Jan 14, 2013 8:42 pm

figured it out- clicking on the link downloaded it.
sclark
New
 
Posts: 5
Joined: Thu Jan 10, 2013 9:03 pm

Re: custom search message field

Postby sclark » Mon Jan 14, 2013 8:55 pm

Great it works!
Thanks again Andre.
sclark
New
 
Posts: 5
Joined: Thu Jan 10, 2013 9:03 pm

Google Ads


Next

Return to Help

Who is online

Users browsing this forum: No registered users and 1 guest

cron