Standard keywords and operators
This topic lists the keywords and operators that you can use when searching in IBM® Operations Analytics Log Analysis.
Note: The operators such as AND and OR, which are part
of this query syntax, are case sensitive. You need to use capitals
for these operators.
- OR
- This is the default operator. Either term or expression must be matched in the results. A variation to this keyword is or. For example, to search for a specific severity or message classifier, enter severity:M OR msgclassifier:"WLTC0032W".
- +
- To get AND-like functions, use the + operator. You must add + as a prefix to these queries. For example, to search for a specific severity and message classifier, enter +severity:W +msgclassifier:"WLTC0032W".
- AND
- As an alternative to the + operator, you can use the AND operator. For example, to search for a specific severity and message classifier, enter severity:W AND msgclassifier:"WLTC0032W".
- ""
- Enables you to group individual terms into phrases that are searched for as a unit. For example, "document clustering".
- ()
- Enables you to group expressions to guarantee precedence. For example, document AND (cluster OR clustering).
- *
- Wildcard operator that can be replaced in the returned value with a number of characters. This can be either passed as an operator to the sources or expanded when the meta.wildcard-expand option is turned on. For example, test* might return test, tests or tester. You can also use the wildcard in the middle of the search term. For example, t*est.
  Note: You cannot use this wildcard as the first character in a search. For example, you cannot use *test.
- ?
- Wild character operator that can be replaced in the returned value with a single character. This can be either passed as an operator to the sources or expanded when the meta.wildcard-expand option is turned on. For example, te?t might return text or test.
  Note: You cannot use this wildcard as the first character in a search. For example, you cannot use ?test.
- +
- Must operator. Forces the use of a keyword. For example, WAS +and DB2 searches for strings that contain the keyword and.
- field:
- Enables you to restrict your query to a specific field. For example, ID:123A or msgclassifier:"WLTC0032W". These operators are activated for every field defined in your syntax.
- NOT
- The specified term or expression must not be matched in the search results. Variations to this keyword are ! and -. For example, to search for log records that contain WAS ID but that do not contain DB2 ID, enter "WAS ID" NOT "DB2 ID".
  Note: You cannot use this operator for a single term.
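The following added example (not IBM code) is a small pre-flight check that a saved search or detection query obeys the rules on this page: no * or ? as the first character of a term, lowercase and/not treated as search terms rather than operators, and NOT not applied to a single term. The function name, the finding codes and the reading of the NOT rule as "a query with only negated terms" are assumptions made for the example.

```python
import re

# Tokens: [+!-][field:]"quoted phrase", a single parenthesis, or a bare word.
TOKEN = re.compile(r'[+!-]?(?:[^\s():"]+:)?"[^"]*"|[()]|[^\s()]+')


def lint_query(query):
    """Return (code, token) findings for one search query (hypothetical helper)."""
    findings = []
    positive = negated = 0
    negate_next = False
    for tok in TOKEN.findall(query):
        if tok in ("(", ")", "AND", "OR"):
            continue
        if tok == "NOT":
            negate_next = True
            continue
        # Operators are case sensitive: a bare lowercase and/not is searched
        # for as a word. (The page lists "or" as a variation of OR, so it is
        # not flagged; "+and" is the page's way to search for the word.)
        if tok in ("and", "not"):
            findings.append(("lowercase-operator", tok))
        is_negated = negate_next or tok[0] in "!-"
        negate_next = False
        # Strip the must/not prefix, then the field: prefix of unquoted terms.
        term = tok.lstrip("+!-")
        if not term.startswith('"'):
            term = term.split(":", 1)[-1]
        if term[:1] in ("*", "?"):
            findings.append(("leading-wildcard", tok))
        if is_negated:
            negated += 1
        else:
            positive += 1
    # Assumed reading of "You cannot use this operator for a single term".
    if negated and not positive:
        findings.append(("not-on-single-term", query))
    return findings


if __name__ == "__main__":
    # Constructed sample queries, built from the examples on this page.
    for q in ('severity:W AND msgclassifier:"WLTC0032W"', "*test",
              'severity:W and msgclassifier:"WLTC0032W"', 'NOT "DB2 ID"'):
        print(q, "->", lint_query(q))
```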