BeaconBits
Contributor

Searching Multiple log files by using filter

Hello Folks,

I get a new log file after every 2 GB, so each day I collect more than one log file.

Recently, I had to search over the past few days, so I was struggling to go into each log file and search.

Question:

Is there any way to search multiple log files at the same time?

Is there any query option that allows selecting more than one log file, or any other way (maybe third party)?

Thanks!

S

7 Replies
Norbert_Bohusch
Advisor

Which version is your management running?

On R80.x logs are automatically indexed (as long as indexing is not turned off) and a search will search over all indexed log files.

On R77.x (or older) logs in SmartView Tracker are not indexed, but in SmartLog they are.

BeaconBits
Contributor

It is on R80.10.

In that case, how can I check whether the log files are indexed?

0 Kudos
Jerry
Mentor

Open the object in your dash and see if the indexing (in the logging section) is enabled; if not, enable it manually.

Jerry
0 Kudos
Jerry
Mentor

It is called, btw, "Enable Log Indexing", with a little blue "i" icon :)

Jerry
BeaconBits
Contributor

Yes, it is enabled. 

So far, what I understand is that I can search up to the last 14 days because logs are being indexed to 14.

But searching multiple random files from before these 14 days is not possible.

@Checkpoint: Not sure, but I think there should be a feature to select multiple log files that are not indexed and search them at once, rather than selecting them one by one.

BeaconBits
Contributor

Thanks Norbert :)

I have found this option on the Log Server and it is enabled.

So it means that I can go back only up to 14 days at a time.

Could you please add more relevant info that I'm missing?

0 Kudos
Jerry
Mentor

I believe it all depends on what your "log infrastructure" looks like.

If you're using CLM (Log Server), there are options for making that simplified.

If your logs end up on the SMS server, I don't think you can search a few ELG files at the same time, if I'm not mistaken (unless the script is already known to our beloved CCSMs here :) ).

If your log switching is done per "size" on your Management Server (SMS), then obviously it must be a pain (and it is for each and everyone I guess, including myself) to go through all the logs in order to find an interesting record; however, as Norbert mentioned, in R80.10 for instance it should "per indexing" at least show you a snip of the record you're looking for. IMHO CLM is the best option, unless your logging facility does not need 12 months of log retention ...

Jerry
0 Kudos
