Oracle Cloud Infrastructure Documentation

Command Reference

Specify commands in your query string to perform specific actions on the search results.

The first and implicit command in a query is the search command. This command consists of a series of keywords, and fieldname-value pairs, which identify the data that needs to be retrieved. More commands can be specified by separating them from the search command by using a pipe character (|).

The following commands are supported:

  • addfields: Generate aggregated data within the results generated by link, stats, or timestats commands.

  • bottom: Display a specific number of results with the lowest aggregated value as determined by the specified field.

  • bucket: Group the log records into buckets based on the range of values of a field.

  • classify: Cluster properties of groups identified by the link command.

  • cluster: Group similar log records.

  • clustercompare: Compare one cluster collection with another, and for viewing the clusters that exist exclusively in the current range versus clusters that exist exclusively in the baseline range.

  • clusterdetails: Look at log data within categories for specific classify results. It enables you to expand a message signature into the individual log entries.

  • clustersplit: View the log data within a cluster for specific classify results in the tabular format.

  • compare: Compare properties generated by the link command over the comparison intervals specified.

  • createview: Define a subquery to create a subset of groups identified by the link command.

  • delta: Compute the difference between a numeric property in a group, and another numeric property in a previous group, in the sort order of groups when the delta command is run.

  • distinct: Remove duplicates from the returned results.

  • eval: Calculate the value of an expression and display the value in a new field.

  • eventstats: Obtain overall summary statistics, optionally grouped by fields, on properties of the results generated by link, stats, or timestats commands. Its output will include one field for each aggregation.

  • extract: Obtain excerpts of an existing field using a regular expression.

  • fields: Specify which fields to add or remove from the retrieved results, based on the field names.

  • fieldsummary: Return data for the specified fields.

  • geostats: Provide summary statistics, grouped by the Client Host Coordinates field.

  • head: Display the first n number of results.

  • highlight: Match a string or a list of strings, and highlight them in the Log UI.

  • highlightgroups: Match strings or search criteria on the properties of the groups identified by any grouping command such as stats, link, or timestats, and causes them to be highlighted in the visualization.

  • highlightrows: Match a string or a list of strings, and highlight the entire row in the Log UI.

  • jsonextract: Obtain excerpts of an existing field using a Json Path from JSON format data.

  • link: Group log records into high level business transactions.

  • lookup: Invoke field value lookups.

  • map: Join a view that was created using the createview command, with the groups identified by the link command to create new properties.

  • nlp: Apply natural language processing algorithms to a text field.

  • regex: Filter data according to a specified regular expression.

  • rename: Change the name of a field.

  • search: Retrieve a specific logical expression from the available log data.

  • searchlookup: Retrieve contents from a lookup table.

  • sort: Sort logs according to specified fields.

  • stats: Provide summary statistics for the search results, optionally grouped by a specified field.

  • tail: Display the last n number of results.

  • timecluster: Group the timeseries charts together based on how similar they are to one another.

  • timecompare: Generate columns with the results from all the aggregate columns generated by the previous timestats command over the comparison interval specified.

  • timestats: Generate data for displaying statistical trends over time, optionally grouped by a specified field.

  • top: Display a specified number of results with the highest aggregated value as determined by the specified field.

  • where: Calculate the value of an expression to be true or false.

  • xmlextract: Obtain excerpts of an existing field using XPath from an XML document.