Compare results

When you perform a search, search results are displayed for the search criteria specified and for the time range selected. These results are displayed in the form of a timeline chart followed by a series of actual results retrieved from the data file indexed.

You can compare the results of the same query (summarized on the timeline chart) against two different time ranges. This allows you to easily view any differences between the two time ranges with respect to the log data.

This topic contains the following information:

Comparing results

To compare search results, click the three vertical dots (indicating a menu) next to All Data and select Compare Data. After doing this, select one of the compare options and click Compare.

Note

If you select the Custom time option, then you need to define the starting point first, and then click Compare.

On comparing, by default, the original timeline chart and the compared chart are merged together. You can choose to separate the charts by clicking Separate Charts. Alternatively, you can merge the charts by clicking Merge Charts.

The original timeline chart is displayed with the notation C1 while the compared chart is displayed with the notation C2. You can click the legend keys to hide (or show) the graph for the original time context (current time context) or the compared time context.

To return to the compare options, click Compare Options.

To return to the normal view and see the series of actual search results, click the three vertical dots (indicating a menu) next to All Data and select All Data.

Compare options

The following table provides a list of compare options that you can use for comparing search results across different time contexts:

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*