• Spaces
  • Help
    • ×
     
     
    •  
    BMC TrueSight IT Data Analytics 2.7

    Page tree

    After data is collected, you can investigate your data by performing various kinds of search.

    These searches can help you troubleshoot a problem, perform root cause analysis, or analyze your data.

    The following information can help you construct searches and understand the various kinds of searches that you can perform.

    Related topics

    Search commands

    Searching for data

    Search strategies

    Detecting anomalies

    Searching for the first time

    You can search for data by specifying a search term in the search bar on the Search tab. When you search, you see results matching those search terms. This means if you specify a search term that is not present in the data that you are investigating, you will not be able to view search results.

    You need not know the exact search string present in the data. You can search for substrings by using the wildcard, asterisk (*).

    For more information about searching, see Performing a simple search.

    Understanding search results

    When you perform a search, you see results matching the search string specified.

    Normally when you perform a search, you can see a timeline chart representing the results obtained (on the top, under the search bar). Under the timeline chart, you can see a series of data records (or events) containing raw data, fields, and tags (on the bottom). You can also view results in other formats, for example in the form of a chart or table. For more information, see Viewing search results.

    If you specify particular search commands, it is possible that you see tabular outputs (instead of a timeline chart and a series of data records). For more information, see Search commands.

    Based on the search terms present in the search string, particular portions in the results are highlighted. For more information, see Search string examples and their results.

    Search string syntax

    Your search string can contain words, phrases, name=value pairs, fields, tags, and search commands. The accuracy of your search results depends on the syntax used for specifying the search criteria. Depending on your search string syntax, the search results obtained can be generic or specific.

    For more information, see Search string syntax.

    Running a search from the type-ahead search suggestions

    As you type in the search box, you can see a list of type-ahead suggestions that might be similar to the search query that you are typing.

    These suggestions include a list of the following items:

    • Saved searches: Top five most frequently run saved searches.
    • History: Top five most recently run regular searches.

    You can select a suggestion to perform a search with the suggested string as your search query.

    Continuing a paused search and stopping a search

    When you perform a search on the Search tab, after one minute, the search gets automatically paused. When the search is automatically paused, a notification asking whether you want to continue searching or stop (or cancel) the search appears in the search bar. To continue searching and displaying search results, click the Resume link. To stop (or cancel) the search, click the Cancel link in the search bar.

    To change the search pause time limit, add the indexing.psJobGetMoreTimeoutInmsec property in the searchserviceCustomConfig.properties file and save the file. This property defines the time limit (in milliseconds) after which the search (including notifications and dashboards) times out. For more information, see Modifying the configuration files.

    While your search is still on, you can manually cancel it by clicking Cancel Search at the end of the search bar.

    Exporting search results

    If you want to save the search results for later viewing, you can export them.

    To do this, click Export Results that is available at the top-right of the search results area.

    You can export a maximum of 10,000 search results. You can change the maximum number of results to export, by navigating to Administration > System Settings.

    You can export the results in one of the following formats:

    • CSV
    • Raw

    Where to go from here

    After performing a search, you can perform one or more of the following actions:



    © Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.