Querying Log Files Using Multiple Conditions

This topic provides examples of combination query commands using multiple conditions. For a list of individual query command conditions and their use, see Creating and Saving LFA Queries.

The logical AND and OR operators are also applicable to the Log File Analyzer (LFA) query command. To add clarity to multiple condition commands, group condition sets in parentheses.

• query litasqry where (literal = Parameter) or (user = asmith)

  This command queries log files for the literal Parameter or the user asmith. It saves the output to memory under the name litasqry.

• query aqry where literal = Parameter and literal = SBL-GEN

  This command queries log files for the literal Parameter and the literal SBL-GEN. It saves the output to memory under the name aqry.

• query asaugqry where user = asmith time from 2017-05-05

  This command queries log files for the user asmith after May 05, 2017. It saves the output to memory under the name asaugqry.

• query asaugqry where user = asmith time from "2017-05-05 15:20:00" to "2017-05-05 15:30:00"

  This command queries log files for the user asmith during the ten-minute period between 3:20 PM and 3:30 PM on May 05, 2017. It saves the output to memory under the name asaugqry.