Using Advanced Search

EventLog Analyzer provides advanced search feature. Advanced Search, offers numerous options for making your searches more precise and getting more useful results. It allows you to search from the Raw Logs. Using this feature, you will be able to save the search results as Report Profiles. This provides a simplified means to create very precise, selectively filtered and narrowed down Report Profiles.

Advanced Search

In Advance Search, you can search the logs for the selected hosts, from the aggregated logs database or raw Host/Application logs, and define matching criteria.

To carry out advanced search, click Advanced Search link in the Sub Tab. Advanced Search screen opens up and there will be Search Criteria section. Search Criteria has two sub-sections.

Select Hosts

Select Criteria

Select Hosts

In this sub-section, you can choose the hosts for which you want the logs to be searched. If no host is selected or you want to change the list of selected hosts, select the hosts.

Click Click to Select link.

Select Hosts window pops-up. In that window, Select All Groups with selection check box and all the available host groups with individual hosts with selection check boxes are listed. By default, the Default Group and the hosts with selection check boxes are displayed in the screen

Select the host groups or individual hosts in the groups by selecting the check boxes as per your requirement. Click Done to select the hosts and close the window or click Cancel to cancel the operation and close the window.

The selected groups and hosts are displayed in this section.

Select Criteria

In this sub-section, you can define the criteria listed below to search the event database for incidents:

Criteria	Description
Type	Refers to major and particular event types. Major event types are: EventLog Types, Syslog Types
Severity	Refers to the following event severity listed: Emergency, Alert, Critical, Error, Warning, Information, Notice, Debug, Success, Failure
User Name	Refers to the User Name of the user associated with the log events
Event ID	Refers to the Event ID of the log events
Source	Refers to the source host name or IP address from which the events originated
Message	Refers to the log message texts stored in the database

Type Sub-Criteria

If no event type is selected or you want to change the selected event types, select the event types.

Click Click to Select link.

Select Event Types window pops-up. In that window, EventLog Types and Syslog Types and individual event types are listed with selection check boxes. Selecting EventLog Types check box will select all the event types listed under EventLog Types. Same is applied for Syslog Types.

Select the complete lists or individual event types in the lists by selecting the check boxes as per your requirement. Click Done to select the event types and close the window or click Cancel to cancel the operation and close the window.

The list of event types under Eventlog Types are:

Application

Security

System

DNS Server

File Replication Service

Directory Service

OSession

The list of event types under Syslog Types are:

kernel

user

mail

daemon

auth

syslog

lpr

news

uucp

cron1

authpriv

ftp

ntp

logAudit

logAlert

cron2

local0

local1

local2

local3

local4

local5

local6

local7

Select any combination of the following criteria: Type, Severity, User Name, Event ID, Source, and Message.
After selecting the Host(s) and Criteria, click Search or click Cancel to cancel the operation.
Clicking Search will display the results in the Search Results section below the Search Criteria section.

The Search Results screen displays the following:

Save as Report Profile link,
Time frame (From, To)
Number of rows displayed (1 to x of y) with navigation buttons
View per page (5, [10], 20, 25, 50, 75, 100, 250, 500)
and following columns:
- Host Name
- Source
- Type
- Severity
- UserName
- EventId
- Message
- Time

By default, the search is carried out for the time period selected in the Global Calendar present in the left pane of the UI.
You can also search within the search results. Fill the text boxes below the column headers and click the icon to carry out search within search.

If the search string exists then the search result will be intelligently displayed based on the report category in which it occurred.

Using Advanced Search to create Report Profile

To generate users reports:

Click Advanced Search link in the Sub Tab.
Select appropriate Hosts.

In the Criteria section, enter Duration isn't '0'.
- Click Search and click Configure Columns to change reports columns.
In the Criteria section, select Match all of the following or Match any of the following to match all the criteria set or any of the criteria set and add or remove additional criteria using Add Criteria and Remove Criteria links and select Protocol is 'HTTP'.
- Click Search. Search results provide the Reports related to your search <for time period from beginning of the day to current time>.
- Select the required reports by selecting the individual reports or by selecting the Add Criteria to select all the reports. These will form the criteria for the Report Profile.
To save the search result as report profile, click Save as Report Profile link.
Enter a Report Profile Name.
Schedule the report, if required.
Select the Report Format: PDF or CSV.
Select the Mail To: check box if you want the report to be auto delivered. Enter the Email ID(s). If more than one Email ID, separate them with a comma.
Click Finish button. A new report profile is added. Click Cancel button if you want to cancel the operation.

ManageEngine