You can set a time interval following the steps described in the picture below.
You can also introduce time ranges manually using date language expressions, which gives you more flexibility and precision when searching your data. Simply click on the date field and write the desired time expression or edit the existing one. The field turns red and an explanatory message appears until a valid date is entered. Click Apply when you finish. When the and the expressions will be translated into the corresponding dates.
You can use a mix of both absolute and date language expressions in any given time range (for example, the to date can be relative and the from date absolute, and vice versa). For date language expressions, the current moment "now()" is used as the reference point.
Operators
You can establish absolute dates in the required format:
With date language expressions, use a series of mathematical operations to move away from the current time which is used as the reference point. You can use multiple operators at once and the execution order is from left to right:
Time expressions
Let's suppose the current time (which we refer to as "now()") is Sunday, 05 February 2017, 13:37:05. The table below shows the resulting time when different expressions are applied. Note that this isn't an exhaustive list:
...
Info |
---|
Case sensitive information: Note that this operation is case sensitive. To ignore case, access your user or domain settings in the Preferences area and choose Case insensitive in the Default case sensitivity in searches dropdown. In this case, the operation would be Contains tokens - case insensitive (weaktoktains). |
Table columns in a global search
...
Column | Description |
---|---|
eventdate | The date and time at which Devo received the event. |
technology | The first and highest tag level. It indicates the type of technology from which the data comes. |
brand | The second tag level. It indicates the vendor of the aforementioned technology. |
phylum | The third tag level and the first optional, also known as type. It describes and categorizes the data source inside the company. |
family | The fourth tag level and the second optional, also known as subtype 1. It further describes and categorizes the data source in case subdivisions are necessary. |
genus | The fifth tag level and the third optional, also known as subtype 2. It further describes and categorizes the data source in case more subdivisions are necessary. |
species | The sixth and lowest tag level and the fourth optional, also known as subtype 3. It further describes and categorizes the data source in case even more subdivisions are necessary. |
tables | The tables in which the token appears. |
hostName | The name of the machine from which the event originated. |
hostIp | The IP address of the machine from which the event originated. |
message | The data received in the event. |
weaktok
Info |
---|
Be aware that sometimes the tags from the columns do not coincide with the tables in which the token appears. This is because those tables extract information and metadata from the ones in which they actually appear. |
...