In this edition of the OnDemand Log Management new features review I'm going to familiarize you with the exciting changes we recently made to the core function of the product: events search.
There are many ways people search data today. The main factor that influences our search behavior is the nature of the data being searched. If the data is unstructured (e.g. web pages, text documents), full text search is your savior. For structured data (Windows events, database records, spreadsheets) it makes much more sense to search by specific parts of the composite record.
In OnDemand Log Management we decided to combine the best of both worlds. You get the power of a Google-like search language coupled with familiar Excel-like column based filtering.
One search tool nicely complements the other: start off by putting any word or phrase you're looking for in the query box, get the initial results, and narrow them down by adding criteria in the column filters. For example, start your search with "logons", then add the EventID field to the events grid and keep only the event IDs of the logon events you're really interested in. Don't know which event IDs to look for? Look them up in our online event encyclopedia. Shrink the results further by filtering on the logon name of the user the logon events should be attributed to.
The syntax of the query language we came up with closely resembles that of Google or Windows 7 desktop search. We don't want you to climb the learning curve of mastering yet another query language; instead we want you to leverage the search skills you already apply every day. Today the syntax accommodates both plain words and phrases that can be found anywhere in the event, and queries tied to particular fields that can be distinguished in the event. You can construct complex search criteria by stitching the simple parts together with logical operators like AND and OR. You can also use wildcards to search by a substring that is all you remember (e.g. the first N characters of a user name). The full language description along with sample queries can be found in our online Help.
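To make the two-stage workflow above concrete, here is an added example, not code from the product or from the original post, that implements a toy version of it in Python: a free-text query with quoted phrases, field:value terms, AND/OR and * wildcards, followed by Excel-style column filters over the hits. The query grammar, the column names, and the sample events are my own assumptions for illustration; the product's actual syntax is the one documented in its online Help.

```python
"""Toy two-stage event search: free-text query, then Excel-style column filters.
Added illustration only; the query grammar here is an assumption, not the product's."""
import fnmatch
import re

# Constructed sample data: a handful of Windows Security log events.
# 4624/4625 are logon success/failure, 4634 is logoff, 4688 is process creation.
EVENTS = [
    {"EventID": 4624, "Computer": "DC01", "TargetUserName": "jsmith",
     "Message": "An account was successfully logged on."},
    {"EventID": 4625, "Computer": "DC01", "TargetUserName": "jsmith",
     "Message": "An account failed to log on."},
    {"EventID": 4634, "Computer": "WS07", "TargetUserName": "jsmith",
     "Message": "An account was logged off."},
    {"EventID": 4624, "Computer": "WS07", "TargetUserName": "jdoe",
     "Message": "An account was successfully logged on."},
    {"EventID": 4688, "Computer": "WS07", "TargetUserName": "jdoe",
     "Message": "A new process has been created."},
    {"EventID": 4624, "Computer": "SRV02", "TargetUserName": "svc_backup",
     "Message": "An account was successfully logged on."},
]

# A token is either a double-quoted phrase or a run of non-blank characters.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

def tokenize(query):
    """Return ("phrase", text) for quoted phrases and ("term", text) otherwise."""
    tokens = []
    for m in TOKEN_RE.finditer(query):
        if m.group(1) is not None:
            tokens.append(("phrase", m.group(1)))
        else:
            tokens.append(("term", m.group(2)))
    return tokens

def parse(query):
    """Group tokens into OR-alternatives of AND-ed terms (assumed grammar: adjacent
    terms are implicitly AND-ed, AND binds tighter than OR, no parentheses)."""
    groups, current = [], []
    for kind, text in tokenize(query):
        if kind == "term" and text.upper() == "OR":
            if current:
                groups.append(current)
                current = []
        elif kind == "term" and text.upper() == "AND":
            continue
        else:
            current.append((kind, text))
    if current:
        groups.append(current)
    return groups

def event_text(event):
    """All field values joined and lower-cased, for free-text matching."""
    return " ".join(str(v) for v in event.values()).lower()

def term_matches(term, event):
    kind, text = term
    if kind == "phrase":
        return text.lower() in event_text(event)  # phrase: substring anywhere in the event
    if ":" in text:
        name, _, pattern = text.partition(":")  # field:pattern, tied to one named field
        for key, value in event.items():
            if key.lower() == name.lower():
                return fnmatch.fnmatchcase(str(value).lower(), pattern.lower())
        return False
    # Plain word, possibly with * or ? wildcards: match against any single word in the event.
    return any(fnmatch.fnmatchcase(w, text.lower()) for w in re.findall(r"\w+", event_text(event)))

def query_matches(query, event):
    groups = parse(query)
    if not groups:
        return True  # empty query matches everything
    return any(all(term_matches(t, event) for t in group) for group in groups)

def apply_column_filters(events, filters):
    """Excel-style column filter: a set means 'value in set', a string is a wildcard pattern."""
    def keep(event):
        for column, criterion in filters.items():
            value = event.get(column)
            if isinstance(criterion, set):
                if value not in criterion:
                    return False
            elif not fnmatch.fnmatchcase(str(value).lower(), criterion.lower()):
                return False
        return True
    return [e for e in events if keep(e)]

def search(query, filters=None, events=EVENTS):
    """Stage 1: free-text query over all fields. Stage 2: narrow the hits with column filters."""
    hits = [e for e in events if query_matches(query, e)]
    return apply_column_filters(hits, filters or {})

if __name__ == "__main__":
    # The workflow from the post: a broad wildcard word, then an EventID filter, then a user filter.
    print(len(search("log*")), len(search("log*", {"EventID": {4624, 4625}})))
    for e in search("log*", {"EventID": {4624, 4625}, "TargetUserName": "jsm*"}):
        print(e["EventID"], e["Computer"], e["TargetUserName"])
```

Two details worth noticing: the plain-word wildcard is matched word by word, so `log*` picks up both "log" and "logged" without any stemming, and a `field:pattern` term is only compared against that one field, which is what makes it cheaper and more precise than the free-text path. How the real product tokenizes messages and resolves field names is an implementation detail this toy does not claim to reproduce.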
Of course, this is not where we're going to stop. We hope that the first version of our query language gets you started constructing basic event queries without spending a lot of learning time beforehand. Meanwhile we'll keep extending the language to let you do more with your event data, both already collected and yet to come.
Tell us what you can and cannot do with the search tools we put in your hands today! Spend two minutes of your time to vote for existing or submit new product improvement ideas using the feedback widget that you can find on the left hand side of the product UI.
Tags: Excel, feature update, full text search, Google, OnDemand, search