These parameters configure advanced global search options on the Edit Search Options page. Any search available from the Analyzer > Search page can also be run from a URL using the parameters described below. To adjust these options, click Search Options from the Configuration > Search menu.
Field Search Options
| Option | Description |
|---|---|
| | Default: Yes. Controls whether to differentiate between upper- and lower-case characters during a search. When this option is set to No, searching for "login" will find "login," "Login," and "LOGIN". Setting this option to No may affect query performance. Changing the case-sensitivity only applies to the local Logger. Peer Loggers will continue to use their own settings. Full-text search (keyword search) is case insensitive. You cannot change its case sensitivity. Note: You must |
| Include NULL field value in NOT operator results | Default: No. Setting this option to Yes causes queries using the NOT operator to return events where the field value matches the filter criteria or is NULL. The default, No, causes queries using the NOT operator to only return events where the field value matches the filter criteria. Note: You must |
| Enforce Header Request (ehr) | Default: Yes. Hides the navigation bar when processing a request from another system. |
| ausm_query | Query expression that will be executed. Example values: |
For more information about field searches, see Field-Based Search.
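The two field-search options above, modelled as an added example (not Logger code and not part of the original page). It assumes a missing or empty field is what the option calls NULL; the event records, field names and the `search` helper are constructed for illustration. It shows which events a NOT filter leaves out under the default settings.

```python
# Added example: simplified model of two Field Search options; not Logger code.
# EVENTS is constructed sample data; a missing or None field is assumed to be NULL.
EVENTS = [
    {"id": 1, "name": "login", "deviceVendor": "Acme"},
    {"id": 2, "name": "Login", "deviceVendor": "acme"},
    {"id": 3, "name": "LOGIN", "deviceVendor": None},   # field is NULL
    {"id": 4, "name": "logout", "deviceVendor": "Other"},
    {"id": 5, "name": "login"},                         # field absent, treated as NULL
]

def field_equals(event, field, value, case_sensitive=True):
    """Return True/False for a comparison, or None when the field is NULL."""
    actual = event.get(field)
    if actual is None:
        return None
    if case_sensitive:
        return actual == value
    return actual.casefold() == value.casefold()

def search(events, field, value, negate=False,
           case_sensitive=True, include_null_in_not=False):
    """Return ids selected by `field = value`, or `NOT field = value` if negate."""
    hits = []
    for event in events:
        result = field_equals(event, field, value, case_sensitive)
        if result is None:
            # NULL never satisfies a positive filter; under NOT the option decides.
            selected = negate and include_null_in_not
        else:
            selected = (not result) if negate else result
        if selected:
            hits.append(event["id"])
    return hits

def hidden_by_null_default(events, field, value, case_sensitive=True):
    """Ids that a NOT filter returns only when NULL values are included."""
    with_null = search(events, field, value, True, case_sensitive, True)
    without = search(events, field, value, True, case_sensitive, False)
    return [i for i in with_null if i not in without]

if __name__ == "__main__":
    print("name = login (case sensitive):", search(EVENTS, "name", "login"))
    print("NOT deviceVendor = Acme (default):",
          search(EVENTS, "deviceVendor", "Acme", negate=True))
    print("only visible with NULL included:",
          hidden_by_null_default(EVENTS, "deviceVendor", "Acme"))
```

For exclusion-style queries, events whose field was never populated are the ones that drop out of results under the default, so compare both settings before relying on a NOT filter for coverage.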
URL Options
| Option | Description |
|---|---|
| Local_search | Values: True, False. Default: True. Enables a peer or local search. |
| Field_summary | Values: True, False. Default: True. You can also change the setting once results are retrieved by checking the Fields Summary box on the Search screen. |
| Discover_fields | Values: True, False. Default: False. Detects non-CEF fields in raw events automatically. You can also change the setting once results are retrieved by checking the Discover Fields box. |
For more information about the field summary panel, see The Field Summary Panel. For more information about discovering fields, see Discovering Fields in Raw Event Data.
Time Options
| Option | Description |
|---|---|
| From | Values: Dynamic, static. Start time of the search. |
| To | Values: Dynamic, static. Example values: $Now - 12; 8/10/2020 14:02:02. End time of the search. |
| Search_time | Values: event_time: When the event actually occurred. receipt_time: When the event arrived at Logger. Sets the time type used when executing the search. |
For more information about start, end and time type, see Time Range and Time Stamps in Logger.
Full-text Search Options
| Option | Description |
|---|---|
| Use primary delimiters | Default: Yes. Controls whether primary delimiters are applied to an event to tokenize it for indexing. A primary delimiter tokenizes an event for indexing. For example, an event "john doe the first" is tokenized into "john" "doe" "the" "first" using the “space” primary delimiter. The primary delimiters are: |
| Use secondary delimiters | Default: No. Controls whether secondary delimiters are applied to an event to further tokenize a token created by a primary delimiter, thus enabling searches that can match a part of a primary token. For example, you can search for "microfocus.com" in https://www.microfocus.com. The secondary delimiters are: |
For more information about full-text searches, see Keyword Search (Full-text Search).
Regular Expression Search Options
| Option | Description |
|---|---|
| Case sensitive | Default: No. See Case sensitive. Note: You must |
| Unicode case sensitive | Default: No. Controls whether events in languages other than English should be compared in a case-sensitive way. Caution: Micro Focus strongly recommends that you do not change this option. Note: You must |
| Check for canonical equality | Default: No. Controls whether events in languages other than English should be compared using locale-specific algorithms. Caution: Micro Focus strongly recommends that you do not change this option. Note: You must |
For more information about regular expression searches, see Regex Helper Tool.
Search Display Options
| Option | Description |
|---|---|
| Populate rawEvent field for syslog events | Default: No. Controls whether raw events are displayed in a formatted column called Note: Even though the |
| Show Source and SourceType fields | Default: No. Controls whether the Source and SourceType fields are included in the Field Summary and query results. You must reboot the Logger Appliance/restart the Software Logger for this change to take effect. Note: Setting this option to Yes can impact query performance. |
For more information about raw events, see "Raw Event" Fieldset. For more information about field summary and query searches, see Source Types.
| Option | Description |
|---|---|
| Expiry time (min) | Default: 10. Controls how long a completed search remains available in Logger memory before expiring. |
| Maximum concurrent searches | Default: 0 (unlimited searches). Controls how many concurrent searches this Logger can run, including dashboards and Saved searches. Note: If the number of searches is changed from default to another number, the server process must be restarted to implement the change. |
Micro Focus recommends limiting the maximum concurrent searches based on the form factor or hardware specifications. For further details, see Best Practices Guide. For more information about concurrent searches, see Concurrent Searches.
Search Hit Limits
| Option | Description |
|---|---|
| Max hits of Search UI | Default: 1 000 000. Controls the maximum limit of hit results in Logger Search UI. Note: If the number is changed from default to another number, Logger |
| Max hits of Search API | Default: 1 000 000. Controls the maximum limit of hit results using the API. Since Logger had a limit of 1 000 000 in previous versions, this value has been set as default. Note: If the number is changed from default to another number, Logger |

For more information about concurrent searches, see Search Hit Limits.