funtion – an operation that is applied on the results of the search preceding the pipe. For exampleAvailable functions: sum count, avg min, max, min, count avg, sum, time, start time, end time, country, country code, city, region, execute
group – grouping of results by a specific group type, such as columns, logs, servers, files, or applications. For example Available Group operations: group by, interval
view – specifies how to display the results. For example: Available View operations: first, last, order by,display, where, display only, geoip, asc, desc, display first 10, display specific columns
- Grouping can only be according to a single group type. However, the group type can have a single or multiple variables.
- A function must precede grouping, although it does not necessarily have to immediately precede it – view can come between the function and group command.
- There can be multiple View types.
- The Complex Search Syntax is iterative.
This chapter provides you with a reference to all the search commands available for your use in a complex search, including their syntax, description, and examples of use. You can also build complex search queries using a combination of these search commands. Complex search queries that are executed run in the XpoSearch console, can be visualized as gadgets in XpoLog Dashboards.
Use case examples of such commands are provided in Complex Search Use Case Examples.