Searching Log Data in the Log Monitoring Application

You can search for specific log events to monitor the log activity in your environment. Search operations can be grouped into the following methods:

  • Global search

    You can search for a particular event across all the log events indexed in the application.

  • Entity-based search

    You can search log events associated with a particular client, log file, template or monitoring policy.

Procedure

  1. From the My Applications page in the Web Console, go to Monitoring > Log Monitoring.

  2. On the Home page, perform a search using one of the following methods:

    • Global search

      At the upper left of the page, click Search. The Search page is displayed, which includes recent search history, all saved searches, and shared searches.

    • Entity-based search

      The Home page displays all clients, log files, templates, policies, and tags used to monitor log data. You can refine your search by clicking the entity containing the log data that you are looking for.

      For example, if you want to search the log data monitored for a specific client, click the client name listed in the Clients table. To see the complete list of clients, click View All next to the table.

  3. To search for log events that occurred within a specific period of time, click the time range list and select the time range that you want to apply to the search.

    If the time range you want to use is not in the list, select Custom to define your own time range.

    Note: If your monitoring policies are configured to archive aged analytics data and your time range includes archived data, the Re-Index Data dialog box appears. You must re-index the archived data before you can search on it. For information on archiving the aged data, see Archiving Aged Analytics Data in Log Monitoring. To view the jobs triggered for re-indexing, at the top of the page, click Manage, and then click Re-Index jobs.

  4. On the search bar, type your search criterion, and then click Search.

    Note: Opening and closing parentheses () and backslashes (\) cannot be used in your search.

    The Time Line chart and the Event Log table display the search results.

    You can use SQL queries to perform a search. The following SQL query clauses can be used: select, where and group by.

    The following are a few sample SQL queries:

    • To display the average CPU usage and the virtual machine name columns and group the results by virtual machine name, run the following query:

      select avg(cpuUsage), VMName from searchName group by VMName

    • To display the average CPU usage (renamed as AVG_CPU) and the virtual machine name columns for virtual machines associated with a client named "Client1" and group the results by virtual machine name, run the following query:

      select avg(cpuUsage) as AVG_CPU, VMName from searchName where Client like '%Client1%' group by VMName

  5. Optional: To further refine your search results, you can apply filters.

    Under the Time Line chart, in the facet list, expand the facet that you want to use to display the associated search filters. For example, expand Client to select the clients whose log data you want to analyze.

  6. Optional: You can save the search. This is useful if you plan to check the search results on a regular basis.

    1. On the search bar, click the star button.

      The Save Current Search dialog box is displayed.

    2. In the Search box, enter a name for your search and click Save.

      The search is added to the list of saved searches in the Saved Search table.

    Note: You can display the results of your search in a chart or table on a dashboard. To add a chart or table, see Adding a Chart or Table to the Log Monitoring Dashboard.

Example: Searching for Reconfigured Storage Policies

Suppose you configured a monitoring policy to track Audit Trail events in the CommServe database. If you want to find out whether a specific storage policy was reconfigured in the last seven days, use the following steps to perform the search:

  1. On the Home page, in the Templates table, click Audit Trail.

    The Search page is displayed.

  2. In the time range list, click the down arrow, and then select Last 7 Days.

    The page reloads.

  3. In the search bar, type the name of the storage policy and click Search.

    The page reloads.

  4. To save your search, click the star button.

  5. In the Save Current Search dialog box, do the following:

    1. In the Search box, type SPName Weekly Reconfig Check.

    2. Click Save.

What to Do Next

After a search operation, you can perform any of the following actions:
