This article guides the Portal user through constructing a log query using the Enhanced Query option, which adds functionality.
Constructing a log query using Enhanced Query (Please refer to the portal guide in the portal downloads section: Symantec MSS Portal Users Guide, pages 115-117)
The Enhanced Query tab displays a revamped user interface for you to create your log queries. This is also where we are implementing new visual features and enhanced reporting functionality.
Using the Logs page, you can construct, edit, and copy queries on a large number of fields. Part of constructing a log query is using operators. These operators tell the query function which logic to apply when processing each line. See Table 9-1 for definitions and examples of the available operators. (Symantec MSS Portal Users Guide, pages 115-116)
Pic.1: Enhanced log query options
To create a log query using Enhanced Query
1. In the Logs page, click the Enhanced Query tab.
2. In the Enhanced Query tab, under Set Query Parameters, click the link next to Time Period and select a time frame for this query. Time period selection is required. The options are 1 hour, 2 hours, 4 hours, 8 hours, 12 hours, 24 hours, 48 hours, 7 days, and Custom. The default selection is 1 hour. Selecting Custom requires you to use the calendar widgets to choose a valid date range.
3. Click the link next to Criteria and select a criterion from the list.
4. Choose an operator from the list. See Table 9-1 for more information on the query operators.
5. Depending on the criterion and operator that you chose, type a value for the condition or select it from the list.
6. Click + to add another condition or click ( ) to add a nested or parenthetical condition.
If you add a condition, choose AND or OR, then continue creating the new condition as you did the first one.
If you add a nested condition, continue creating it as you did the first condition, and then either click + to add another condition at this level, click ( ) to add a parenthetical condition nested at a deeper level, or return to the first condition and click + to add another top-level condition.
Note: You can nest parenthetical conditions only three levels deep.
7. When you have finished adding the condition lines, click the link next to Group By, if available. This is optional and lets you group the query results by a field of your choosing.
8. Optionally, use the Restrictions feature to define conditions for when to show your results. Click the check box to use the feature, then choose an operator from the list, and type a numerical value. For example, you could use this option to display results only when the count returned exceeds a certain amount.
9. Next to Display results, choose your preferred report format.
If you elected to group your results by a criterion, your display options are:
■ Over time in a multi-line time series graph
■ By your grouping choice on a bar, column, pie, or line graph
If you elected not to group your results, your display options are:
■ Over time in a single-line time series graph
■ As an aggregate count of the log lines
10. Click Get Results. To start over, click Clear.
Pic.2: Table 9-1: Definitions and examples of the available operators
To save a log query
1. In the Enhanced Query page, create a new query as described previously, or click the link for a saved query from the list on the left.
2. Click Save As.
3. In the Save Query window, type your preferred name and description for this
4. Click Save.
To update a saved log query
1. In the Enhanced Query page, click the link for a saved query from the list on the left.
2. Click Edit to change the query's name and description.
3. In the Save Query window, type the new name and description.
4. Click Save.
5. Modify the query's time frame and conditions as necessary.
6. Click Update.