Search Syntax
LogZilla provides standard boolean-type search syntax much like you would expect when using Google. The only difference is the ability to append a wildcard (*)
- All searches are case insensitive
- All searches must contain at least 4 characters at a minimum unless otherwise configured by your administrator.
Correct search syntax:
Example 1:
Incorrect search syntax (too few characters)
The 4 character minimum is set in a config at the OS level which administrators can opt to change at the cost of using more memory for indexing. Customers are welcome to contact us for guidance if this is desired.
Boolean Examples
Phrase Search
Operator AND
The AND is automatically implied when separating search words with a space and should not be included in your search criteria.
For example, searching on the text hello world would return results for both hello and world.
Operator NOT
The ! or - operators may be used to find events NOT containing the specified text. For example:
Or
Operator OR
A | (pipe) operator may be used to find events matching either of the given terms. For example:
Boolean Mode Wildcard
Many Network and Systems logs will include names such as GigabitEthernet1/0/0, etc. The wildcard feature allows users to specify a search term when they may not know the trailing characters.
For example:
Would return results forGigabitEthernet1/0/0, GigabitEthernet1/0/2, or even GigabitEthernet100.
A prefix/infix wildcard may also be used:
Would return results forGigabitEthernet1/0/0, GigabitEthernet1/1/2 but not GigabitEthernet100.
Invalid Search Syntax
The following examples show some of the mixed-mode searches which are not supported at this time:
- Searches containing both
ORandNOToperator's combined:
- Mixed "Phrase"
ANDorNOT
- Negative searching without a preceding positive search
This would be analogous to searching Google for every word on the internet that does
NOTcontain the word hello. Which, of course, would not be very useful.