Current view: XpoLog V7 (Latest). Available: XpoLog V6 and XpoLog V5

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


funtion – an operation that is applied on the results of the search preceding the pipe. For exampleAvailable functions: sum count, avg min, max, min, count avg, sum, time, start time, end time, country, country code, city, region, execute

group – grouping of results by a specific group type, such as columns, logs, servers, files, or applications. For example Available Group operations: group by, interval

view – specifies how to display the results.  For example: Available View operations: first, last, order by,display, where, display only, geoip, asc, desc, display first 10, display specific columns

  • Grouping can only be according to a single group type. However, the group type can have a single or multiple variables.
  • A function must precede grouping, although it does not necessarily have to immediately precede it – view can come between the function and group command.
  • There can be multiple View types.
  • The Complex Search Syntax is iterative.