Standard keywords and operators

This topic lists the keywords and operators that you can use when searching in IBM® Operations Analytics Log Analysis.

Note: The operators such as AND and OR, which are part of this query syntax, are case sensitive. You need to use capitals for these operators.
OR
This is the default operator. Either term or expression must be matched in the results. A variation to this keyword is or. For example, to search for a specific severity or message classifier, enter severity:M OR msgclassifier:"WLTC0032W".
+
To get AND like functions, use the + operator. You must add + as a prefix to these queries. For example, to search for a specific severity and message classifier, enter +severity:W +msgclassifier:"WLTC0032W".
AND
As an alternative to the + operator, you can use the AND operator. For example, to search for a specific severity and message classifier, enter severity:W AND msgclassifier:"WLTC0032W".
Enables you to group individual terms into phrases that are searched for as a unit. For example, document clustering.
()
Enables you to group expressions to guarantee precedence. For example, document AND (cluster OR clustering).
*
Wildcard operator that can be replaced in the returned value with a number of characters. This can be either passed as an operator to the sources or expanded when the meta.wildcard-expand option is turned on. For example, test* might return test, tests or tester. You can also use the wildcard in the middle of the search term. For example, t*est.
Note: You cannot use this wildcard as the first character in a search. For example, you cannot use *test.
?
Wild character operator that can be replaced in the returned value with a single character. This can be either passed as an operator to the sources or expanded when the meta.wildcard-expand option is turned on. For example, te?t might return text or test.
Note: You cannot use this wildcard as the first character in a search. For example, you cannot use ?test.
+
Must operator. Forces the use of a keyword. For example WAS +and DB2 searches for strings that contain the keyword and.
field:
Enables you to restrict your query to a specific field. For example, ID:123A or msgclassifier:WLTC0032W. These operators are activated for every field defined in your syntax.
By default, the search engine supports the title field. When you are creating a search collection, you can extract any number of contents, for each document, and relate these contents to searchable fields. This is specified in the form of the source associated with each collection.
NOT
The specified term or expression must not be matched in the search results. Variations to this keyword are ! and -. For example, to search for log records that contain WAS ID but that do not contain DB2 ID, enter "WAS ID" NOT "DB2 ID".
Note: You cannot use this operator for a single term.