Search a Repository
To search a repository that contains data you use the
Search interface and write a query that
filters, formats and aggregates the information that you want.
Go to your Falcon LogScale instance in a web browser and click on the Repositories and views tab: you'll get a list of all the available repositories.
Select the name of the repository you want to search. You will be presented with the
Searchinterface.Do some simple searches in the input-box near the top left, also known as Query Editor. See Do a simple search for explanations and examples.
Create a widget based on the search you've just typed. See Create a Widget for explanations and examples.
 |
Figure 5. Repository Search Page
Do a simple search
As an example, we want to monitor which web pages were not found by users on your server — they could be caused by broken internal links or something else you can fix easily — by examining web server log entries that are being received in the repository. So let's ask Falcon LogScale to search for the status code, 404 "Page Not Found" and see if the repository in Falcon LogScale shows those events.
Type this search in the Query Editor space, the input-box near the top left:
logscalestatus = "404"(status codes can be in the status field, might also be in statuscode, status_code, etc.)
Hit Enter or click on the button labeled : Falcon LogScale will retrieve all entries that match.
Click on one of those entries, your screen will look something like the screenshot in Figure 6, “Error Code Search”.
Figure 6. Error Code Search
Notice the details that Falcon LogScale has parsed.
Check out our Search & Queries Tutorial for further guidelines
on how to play with the Search page.
The full documentation page describing all Falcon LogScale searching functionalities is Searching Data.