See Also
Using constraints in a query can speed up a search operation as they limit the scope of data that needs to be searched. Constraints enable you to limit a query to events from one or more of the following:
For information about storage groups and peers, see Storage, Device Groups, and Peer Nodes.
Follow these guidelines when specifying constraints:
Use the following operators to specify constraints in a search query expression:
| Metadata Identifier | Example |
|---|---|
_deviceGroup |
_deviceGroup IN [“DM1”, “HostA”] where Note: You can use this field to specify individual devices. |
_storageGroup |
_storageGroup IN [“Internal Event Storage Group”, “SG1”] |
_peerLogger |
_peerLogger IN [“192.0.2.10”, “192.0.2.11”] |
If a query includes the Boolean operator OR and metadata identifiers, the expression to be evaluated with OR must be enclosed in parentheses, as shown in this example:
(success OR fail) _storageGroup IN [“Default Storage Group”]
If the expression to be evaluated with OR is not enclosed in parentheses, an error message is displayed on the user interface screen.
_storageGroup IN [“SGA”, “SGB”].You can apply constraints to a search query by:
Typing the constraint in the Search text box.
Once you type “_s” (for storage group), “_d” (for device group), or “_p” (for peer) in the Search text box, Search Helper automatically provides a drop-down list of relevant terms and operators from which you can select.
Caution: If a search query contains constraints and a regular expression, make sure that the constraints are specified before the regular expression. For example, _peerLogger IN [“192.0.2.10”] name contains abc | REGEX=“:\d31”