Query Language Command Reference

Generate aggregated data within the results generated by link, stats, or timestats commands.

Display a specific number of results with the lowest aggregated value as determined by the specified field.

Group the log records into buckets based on the range of values of a field.

Cluster properties of groups identified by the link command.

Group similar log records.

Compare one cluster collection with another, and for viewing the clusters that exist exclusively in the current range versus clusters that exist exclusively in the baseline range.

Look at log data within categories for specific classify results. It enables you to expand a message signature into the individual log entries.

View the log data within a cluster for specific classify results in the tabular format.

Compare properties generated by the link command over the comparison intervals specified.

Tabulate one or more fields from link command results.

Define a subquery to create a subset of groups identified by the link command.

Remove results that contain identical combination of field values based on the search order generated through the sort command.

Compute the difference between a numeric property in a group, and another numeric property in a previous group, in the sort order of groups when the delta command is run.

Remove duplicates from the returned results.

Calculate the value of an expression and display the value in a new field.

Obtain overall summary statistics, optionally grouped by fields, on properties of the results generated by link, stats, or timestats commands. Its output will include one field for each aggregation.

Obtain excerpts of an existing field using a regular expression.

Specify which fields to add or remove from the retrieved results, based on the field names.

Return data for the specified fields.

Display n results of the most frequent values of all fields in the field list.

Provide summary statistics, grouped by the Client Host Coordinates field.

Display the first n number of results.

Match a string or a list of strings, and highlight them in the Log UI.

Match strings or search criteria on the properties of the groups identified by any grouping command such as stats, link, or timestats, and causes them to be highlighted in the visualization.

Match a string or a list of strings, and highlight the entire row in the Log UI.

Obtain excerpts of an existing field using a Json Path from JSON format data.

Group log records into high level business transactions.

Invoke field value lookups.

Join a view that was created using the createview command, with the groups identified by the link command to create new properties.

Apply natural language processing algorithms to a text field.

Find irregular or uncommon field values in the results.

Display n results of the least frequent values of all fields in the field list. You can optionally group by additional fields.

Filter data according to a specified regular expression.

Change the name of a field.

Retrieve a specific logical expression from the available log data.

Retrieve contents from a lookup table.

Search for log record patterns within groups identified by the link command.

Sort logs according to specified fields.

Provide summary statistics for the search results, optionally grouped by a specified field.

Display the last n number of results.

Group the timeseries charts together based on how similar they are to one another.

Generate columns with the results from all the aggregate columns generated by the previous timestats command over the comparison interval specified.

Generate data for displaying statistical trends over time, optionally grouped by a specified field.

Display either the specified number of field values with the most occurrences or the specified number of results with the highest aggregated value as determined by the specified field.

Update an existing table created using the createtable command. Apply a sub-query or an eval expression to the table, and show or hide fields. This command works only in the link visualization.

Calculate the value of an expression to be true or false.

Obtain excerpts of an existing field using XPath from an XML document.