Search tips

To perform a search, on the Search tab, you must specify a search criteria and then click Search  to see results matching those criteria. Alternatively, you can press Enter to run your search. When you start typing your search string, the search bar offers type-ahead search suggestions based on a history of your search queries. These suggestions are a predicted list that might match the last few words of the search string that you want to type.

The following video (4:33) illustrates tips that you can use to search easily. The [confluence_iframe] macro is a standalone macro and it cannot be used inline. Click on this message for details.
This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it. http://yt.vu/pq2K8_hj0rc

Tip 1: Search for substrings

Use the asterisk (*) as a wildcard character for any unknown terms in your search string. For more information, see Searching-the-data.

Tip 2: Focus on the time range

After specifying a search string, select a time range in which the data you are looking for is likely to occur. If you do not select an appropriate time range, then it is likely that you do not see any results, as that data might have occurred in the past. For more information about searching with a time context, see Searching-the-data.

Another reason why you might not be able to search for past data can be due to the data retention period set. For more information about data retention and deletion, see Managing-data-collectors.

Tip 3: Choose search terms carefully

While specifying a search criteria in the search box, choose terms that are likely to appear in the data that you are searching. For example, instead of searching for failure, search for error 401.

Depending on how you specify your search criteria, particular search results are highlighted. For more information, see Examples-of-search-string-results.

Tip 4: Start simple

When you start searching, start simple and then add more details. For example, start with error 500.

You can add more details later. This means you can use various operators such as && (and), || (or) and then add more words in your search string. For example, if you are trying to find error 500 in the data occurring from a particular host, then you can specify the search string, error 500 && HOST=Houston.

Note that if you do not specify the && operator between two words that are separated by space, then the product automatically interprets the || operator between those words. In the preceding example, if you had not specified the && operator, then the string would be interpreted as error 500 || HOST=Houston.

For more information, see Search-string-syntax.

Tip 5: Use filters when possible

You can filter data and narrow down your search results in various ways. Filtering can help you get more accurate results.

Fields and tags can be added in various ways – by using the Search Tools on the landing page, by using the Filters panel (on the left) of the Search page, and from the search results area.

You can also filter results by changing the time context for which the search results are displayed. For example, if you want to see the data trend for the last 24 hours, you can select Last 24 hours from the time range list on the Search tab.

For more information, see Filtering-your-search-results.

Tip 6: Search for exact phrases

If you want to find results containing the exact string that you are searching for, then enclose the string in double quotes. For example, suppose you want to find the exact phrase, connection timed out, search for "connection timed out".

For more information, see Search-string-syntax.

Tip 7: Don't worry about the capitalization

A search for the word, Response Size in the raw data is the same as response size. While searching for plain text appearing in the raw data, you need not be careful about the correct capitalization.

However, the following kinds of searches are case sensitive:

• Searching for field name=value pairs.
• Searching for tag name=value pairs.
• Searching with certain search command operators while specifying a search command as your search term.
  For example, the by operator while specifying the rare command or while specifying the as operator while specifying the stats command.

For more information, see Search-string-syntax.