×
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
 
 
  •  
BMC TrueSight IT Data Analytics 11.0 ... Using Searching for data Refining searches

Search strategies

To perform a search, on the Search tab, you must specify search criteria and then click Search  to see results matching those criteria. Alternatively, you can press Enter to run your search. For more information, see Performing a simple search.

The following video (4:33) illustrates tips that you can use to search easily and more efficiently:

Note

The following video displays screens from an earlier version, however, the information provided in the video is still relevant to the current version of the product.


Related topics

Searching for data

Viewing search results

Type-ahead search suggestions

Analyzing data

 

http://yt.vu/pq2K8_hj0rc

This following tips can help you refine your searches and get better results:

Tip 1: Search for substrings

Use the asterisk (*) as a wildcard character for any unknown terms in your search string. For more information, see Getting started with search.

Tip 2: Focus on the time range

After specifying a search string, select a time range in which the data you are looking for is likely to occur. If you do not select an appropriate time range, then it is likely that you do not see any results, as that data might have occurred in the past. For more information about searching with a time context, see Filtering your search results.

Another reason why you might not be able to search for past data can be due to the data retention period set. For more information about data retention and deletion, see Setting up data collection.

Tip 3: Choose search terms carefully

While specifying a search criteria in the search box, choose terms that are likely to appear in the data that you are searching. For example, instead of searching for failure, search for error 401.

Depending on how you specify your search criteria, particular search results are highlighted. For more information, see Search string examples and their results.

Best practice

Broad search scopes is one of the factors that affect search performance. BMC recommends that you use specific keywords for searching rather than a wildcard character (*) piped by search commands. Using specific key words helps you reduce data that is irrelevant. Therefore, BMC recommends you to search for specific data sources, data pattern types, data collectors, application tags, and specific errors instead of searching for the wildcard asterisk (*). For more information, see Variables that impact product performance.

Tip 4: Start simple

When you start searching, start simple and then add more details. For example, start with error 500.

You can add more details later. This means you can use various operators such as && (and), || (or) and then add more words in your search string. For example, if you are trying to find error 500 in the data occurring from a particular host, then you can specify the search string, error 500 && HOST=Houston.

Note that if you do not specify the && operator between two words that are separated by space, then the product automatically interprets the || operator between those words. In the preceding example, if you had not specified the && operator, then the string would be interpreted as error 500 || HOST=Houston.

For more information, see Search string syntax.

Tip 5: Use filters when possible

You can filter data and narrow down your search results in various ways. Filtering can help you get more accurate results.

Fields and tags can be added in various ways – by using the Search Tools on the landing page, by using the Filters panel (on the left) of the Search page, and from the search results area.

You can also filter results by changing the time context for which the search results are displayed. For example, if you want to see the data trend for the last 24 hours, you can select Last 24 hours from the time range list on the Search tab.

For more information, see Filtering your search results.

Tip 6: Search for exact phrases

If you want to find results containing the exact string that you are searching for, then enclose the string in double quotes. For example, suppose you want to find the exact phrase, connection timed out, search for "connection timed out".

For more information, see Search string syntax.

Tip 7: Don't worry about the capitalization

You can ignore capitalization in the following scenarios:

  • Searching for plain text appearing in the raw data

    Example

    Searching for Response Size in the raw data is the same as response size.

  • Searching with search command names with the associated functions and operators

    Example

    Searching for ... | group maxevents=2 maxspan=2m is the same as ... | Group MaxEvents=2 MaxSpan=2m

  • Searching with field values and tag values when included in a manually added search string.

    Note that you can control case sensitivity for field values and tag values, but not field names and tag names. By default, field names and tag names are treated in a case sensitive way.

    Example

    • Searching for OS=WINDOWS is the same as OS=Windows.
      The field value, WINDOWS is case insensitive.
    • Searching for OS=Windows is not the same as os=Windows.
      The field name OS, is case sensitive.

For more information, see Case-sensitive search and case-insensitive search.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Melody Locke on Mar 27, 2017
search best_practices using getting_started search_best videos

Comments

Log in or register to comment.

Refining searches
Filtering your search results
© Copyright 2014-2017 BMC Software, Inc
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.