The scope filters provide the ability to set global context in the Logging Analytics console and maintain it across Log Explorer and dashboard. The global context can be set for Logging Analytics resources such as entities log groups, and log sets.

1. Click the Filter icon in Logging Analytics on the top left corner of Log Explorer or the Dashboard details page to open the Scope Filter dialog box. Select the high level context for the following resources:

2. Region: Select the regions in your tenancy where the log data that you want to search is available. Based on your selection of the regions, the options for the other filters are adjusted.

   If you select multiple regions, then your saved search which include the context from the scope filter, will have the selection of multiple regions too. The resulting visualization adds an implicit multi-region group by field. If the visualization was already at the maximum supported group by fields, then the region is concatenated to one of the group by fields. For example, Pie chart supports only one group by field.

   Some features such as chart drill downs, export, and side bar filtering are not supported when multiple regions are selected. You can download the results using the Actions menu instead of exporting.

3. Log Group: By default, the root compartment is selected and the option to include subcompartments is enabled. With this selection, the log groups in the root compartment and the subcompartments in the hierarchy are selected for the search. You can modify this scope to narrow down your search for the log groups under Log Group Compartment. Enable Include Subcompartments to traverse the subcompartments of your selection of compartment to search for the logs.

   Note
   
   If you select a compartment for log group and cannot find the resource that you are looking for, then verify that you have the user access for that compartment.

4. Entity: Enter the name of the entity whose logs you want to search.

   The Dependent Entities check box is automatically enabled to include within the scope to search for the logs. This is particularly useful when a composite entity is specified in the Entity field. You can disable the check box, if required.

5. Log Set: If log partitioning is enabled in your tenancy, then you can select one, multiple or all log sets.

6. Click Apply to see the modified log query results in the Log Explorer.

7. Optionally, you can select fields to use as filters in the Scope Filter.

   From the Fields panel in the Log Explorer, click the Actions menu next to the field, and select Add to scope filters. The field now appears as a filter in the Scope Filter dialog.

After the scope filter is applied, you can view the applicable filters next to the Filter icon in the form of pills. Click on the pill to modify the scope filter. Click (x) on the pill to remove that filter.

Following are some of the properties of the global context of the scope filter:

• The selection of and changes to the scope filter and the time range get carried over between the Log Explorer and Dashboard.

• You can save your selection of scope filter and time using the saved search and reuse it at a later point, if needed.

You can use the Entity field in the Pinned section of Oracle Logging Analytics to filter logs by an entity or multiple entities.

1. Open the navigation menu and click Observability & Management. Under Logging Analytics, click Log Explorer.
2. In the Fields panel, under Pinned section, click Entity .
3. In the Entity dialog box, select the required entities, and click Apply.
   Note
   
   

   In the Entity dialog box, you can see the occurrence trend for the available entities in the form of sparklines. For the prior example, the sparklines show when the log entries corresponding to the available entities are generated based on the time range selected in the time selector on the top right corner of the dialog box.

You can use the filter option in the visualizations that generate a table of records to filter the log data with the fields available in the log records.

In the visualizations that provide table of records, click the field value to view the filter out options. In the following example, the records with histogram chart has a table of records with the values available for fields like entity, entity type, log source, and host name.

When you click the field value, the following filter options are available:

• Add to Search: The field that you clicked is added to the search query, and the log data is filtered to include the corresponding field in the search. For example, if you click the entity type value Host (Linux) and specify to add it to search, then the previous search query is updated to include 'Entity Type'='Host (Linux)' in the search string.
• Exclude from Search: This excludes the field from the search, and generates a refined result of log records that don't contain the specified field value. For example, if you click the log source value Linux Syslog Logs and specify to exclude it from search, then the previous search query is updated to have 'Log Source'!='Linux Syslog Logs' in the search string. The resultant log data will have only those log records which are not collected from the specified log source.

You can also filter data by using the sources and the fields in the log messages.

• The Pinned attributes let you filter log data based on:

  • Sources, such as database logs, Oracle WebLogic Server logs, and so on.

  • Log entities, which are the actual log file names.

  • Labels, which are tags added to log entries when log entries match specific defined conditions. See Use Labels in Sources.

  • Upload names of log data uploaded on demand. See Upload Logs on Demand.

  By default, the entities and collection details are available in the Pinned bucket of the Fields panel for filtering. You can pin additional fields to the Pinned bucket depending on your usage. Once pinned, the fields are moved to the Pinned bucket. You can unpin any field and remove it from the Pinned bucket and move it back to the Computed or Other bucket.

• Based on your search and queries, Oracle Logging Analytics automatically adds fields to the Computed bucket for your quick reference. You can pin a field that’s available under Computed bucket. The pinned field then gets moved to the Pinned bucket.

• You can pin any field in the Other bucket and move it to the Pinned bucket. If you use a field from the Other bucket in your search or query, then it’s moved to the Computed bucket.

After the filter result is generated, you can use the filter option in any of the visualizations with table of records to exclude a field value from search. However, if you want to exclude specific values before the search, then you can select them in the filter dialog box.

1. Open the navigation menu and click Observability & Management. Under Logging Analytics, click Log Explorer.
2. Under the Pinned fields section, click Log Source.
3. In the Source dialog box, select Database Listener Alert Logs, check the box Exclude from Search, and click Apply.

   The query in the query bar is updated with the != or not in relation for the selected source and the result is displayed through the visualization.

   Note
   
   

   • When you reopen the Source dialog box, by default, those sources are listed which are selected for display in the visualization, as indicated by the option Selected in the Show menu. This list is obtained from running the query that you can currently view in the query bar. To view all the sources, select Available in the Show menu. Now, all the sources, even those that are excluded from search, are listed. You can now modify your filter preference.

   • When you reopen the Source dialog box, if the Exclude from search check box is enabled, then it is an indication that some of the sources are excluded from search. To exclude multiple values of the source from search, keep the check box Exclude from search enabled, and add more to the exclude list by selecting those values in the Source dialog box.