clustercompare

Use the clustercompare command to compare one cluster collection with another, and to view the clusters that exist only in the current range versus those that exist only in the baseline range. This command returns a table with nine columns:

  • Collection - The name of the collection where the data is persisted
  • Id - Cluster id that is unique within the collection
  • Log Source - The source of the cluster
  • Count - Number of log records with this signature
  • Cluster Sample - A sample log record from the signature
  • Sample Count - The number of samples for each pattern, which in certain cases may be more than one
  • Shape - A computed number assigned to each unique trend to group similar trends together
  • Trend - Trend of log entries that match the pattern over time
  • Score - A computed value assigned to each cluster, used in the default sorting

Syntax

clustercompare [timeshift = <offset> | starttime = <datetime> endtime = <datetime>] [includetrends = [true | false]] [span = <span>] [<baseline_query>]

Parameters

The following table lists the parameters used in this command, along with their descriptions.

Parameter Description

offset

offset sets the baseline cluster collection time range as an offset of the current time range.

Syntax: <direction><int><timescale> OR auto

  • auto: The timeshift is the same as the window size of the current time range, in the negative direction.
  • direction values: + | -
  • timescale syntax: <sec> | <min> | <hour> | <day> | <week> | <month>
  • sec values: s | sec | secs | second | seconds
  • min values: m | min | mins | minute | minutes
  • hour values: h | hr | hrs | hour | hours
  • week values: w | week | weeks
  • month values: mon | month | months
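The offset grammar above, worked through in code: an added Python example (not part of the Oracle documentation or the product itself) that parses a timeshift value and derives the baseline time range from the current one, including the auto case. The page lists no aliases for <day>, so day/days is an assumption taken from the page's own "-7days" example, and a month is approximated as 30 days, also an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Timescale aliases exactly as the parameter table lists them. The page gives no
# alias list for <day>, so 'day'/'days' is an assumption (its own example uses
# "-7days"); a month is approximated as 30 days here, also an assumption.
_UNIT_SECONDS = {}
for _aliases, _secs in (
    (("s", "sec", "secs", "second", "seconds"), 1),
    (("m", "min", "mins", "minute", "minutes"), 60),
    (("h", "hr", "hrs", "hour", "hours"), 3600),
    (("day", "days"), 86400),
    (("w", "week", "weeks"), 7 * 86400),
    (("mon", "month", "months"), 30 * 86400),
):
    for _a in _aliases:
        _UNIT_SECONDS[_a] = _secs

# <direction><int><timescale>: the sign is mandatory, e.g. "-7days" or "+2h".
_OFFSET_RE = re.compile(r"^([+-])(\d+)([a-z]+)$")

def parse_offset(text, window=None):
    """Return the timeshift as a timedelta. 'auto' means the size of the
    current window (passed as `window`) in the negative direction."""
    text = text.strip().lower()
    if text == "auto":
        if window is None:
            raise ValueError("auto needs the current window size")
        return -window
    m = _OFFSET_RE.match(text)
    if not m:
        raise ValueError(f"bad timeshift offset: {text!r}")
    sign, count, unit = m.groups()
    if unit not in _UNIT_SECONDS:
        raise ValueError(f"unknown timescale: {unit!r}")
    delta = timedelta(seconds=int(count) * _UNIT_SECONDS[unit])
    return -delta if sign == "-" else delta

def baseline_range(start_iso, end_iso, offset="auto"):
    """Shift the current [start, end] range by the offset and return the
    baseline range as ISO-8601 strings in the page's 'Z' form."""
    # Accept the page's 'Z' suffix; fromisoformat only understands it from 3.11.
    start, end = (datetime.fromisoformat(s.replace("Z", "+00:00"))
                  for s in (start_iso, end_iso))
    if end <= start:
        raise ValueError("endtime must be after starttime")
    shift = parse_offset(offset, end - start)
    fmt = lambda dt: dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return fmt(start + shift), fmt(end + shift)
```

With a seven-day current range, `auto` and `-7days` yield the same baseline window, which is why the page's second example can be written either way.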

datetime

Explicitly sets the start and end of the time range of the baseline cluster collection.

includetrends

Indicates whether the results should include trend data. If includetrends is not specified, the default value true is used.

span

Sets the length of the time interval used for the result histogram.

Syntax: <int><timescale>

  • timescale syntax: <sec> | <min> | <hour> | <day> | <week> | <month>
  • sec values: s | sec | secs | second | seconds
  • min values: m | min | mins | minute | minutes
  • hour values: h | hr | hrs | hour | hours
  • week values: w | week | weeks
  • month values: mon | month | months

baseline_query

Lets you specify a different search query for the baseline cluster collection.

The following command compares host1 clusters in the current range with host2 clusters from 7 days ago:

Entity = host1 | clustercompare timeshift = -7days [ Entity = host2]

The following command compares clusters in the current range with clusters from another period of time:

* | clustercompare starttime = '2018-06-07T00:00:00Z' endtime = '2018-06-14T00:00:00Z'