How is the syntax used in the Search editor
To better explain the syntax of a search is by using the following diagram
The components of the Search
- Search Terms –> What you are looking for
- Commands –> What do you want to do with the results, chart, statistics, format and so on
- Functions –> How do you want to chart, compute or evaluate your result, for example, get a sum, get an average or transform the values, amongs many other functions
- Arguments –> Variables you want to apply to the search, calculate average, transform from milliseconds to seconds and so on
- Clauses –> How do you want to group or rename the fields in the search result
The Search Pipeline
After a search is defined, use (|) to enter into a new line – Create tables based on field values, bring multiple values to create the Table, in this example we are using JSESSIONID, Action and Status.
Notice that the Fields can be renamed to something more user friendly by using the rename command
THere are multiple ways to present the data, and to provide meaningful information. Here is the Commands by Category reference guide
More examples for Field Commands are:
- dedup – removes duplicates from results
- sort – order results in ascending or descending order (+-)
- Top – Retun the most common field values (By default brings 10 results)
- rare – Return the least common field values
- Stats – calculate statistics from your search criteria (Combine with count, distinct count, sum, avg, list, values)
To get a better understanding of the Functions of the Stats command –> Common Stats Function
What is Next?
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres is specialized in Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.