You can now use the Loose Search feature to search your logs in order to find partial and case insensitive matches.
This can be useful if you don’t know the full keyword you want to match, or can’t remember the case of the keyword you want to find.
For example, the following web access log line contains the string “AppleWebKit” in the browser type field:
122 Mar 2019 17:53:22.035188.8.131.52 - - [2019-03-22 17:56:56.628065] "GET /about.php HTTP/1.1" 200 3507 "www.yahoo.com" "Mozilla/5.0 (Windows; U; ; en-NZ) AppleWebKit/527 (KHTML, like Gecko, Safari/419.3) Arora/0.8.0"
When not using Loose Search, you would need to search for your keyword or string in different ways:
- Match the complete word and case for this log line for returned results.
- Use the [regex] expression
where(/webkit/i)to indicate case insensitive and partial matching.
where(http.agent = /.*webkit.*/i)for case insensitive and partial matching against a specific field.
Loose Search allows you to write a query and click a button for easier log search.
To use Loose Search:
- Log in to InsightOps and navigate to the “Log Search” page.
- Enter your query in the search bar.
- Click the Loose Search icon on the right of the search bar in simple or visual search mode.
Users that want to search in Advanced Search can simply write
loose after the search parameters in the
where() clause . For example,
where(webkit, loose) or
where(http.agent = webkit, loose).