2 Explore Log Data

Oracle Log Analytics enables you to filter and analyze all available log data. By formulating and running a query, you can search all available log data and view only the specific data you are looking for.

The Oracle Log Analytics Search query is made up of multiple elements. Consider the following query:

'Target Type' IN ('Database Instance','Automatic Storage Management','Listener','Cluster') AND Severity IN ('ERROR','SEVERE') |stats count as 'Error Count' by target |top limit=10 'Error Count'

This query has the following elements:

  • Entities: Entities include host machines, databases, and other components that can be managed and monitored by Oracle Log Analytics.

  • Commands: This is a specific action to be performed. The first and implicit command in a query is the search command.

  • Keywords and Phrases: A keyword is a single word, while a phrase contains more than one word, usually enclosed in quotation marks. These specify the exact words to look for. For example, specifying the phrases 'Database Instance' and 'Automatic Storage Management' in the query ensures that logs not containing the specified phrases are filtered out.

  • Conditions: These are specific criteria the data must meet to be returned as a result after the query is run. For instance, in the example query, AND is a Boolean expression, so the results contain only those logs that fulfil the conditions specified for both Target Type and Severity.

  • Functions: Functions specify a task that needs to be completed on the data. For example, in the example query, count is a function which counts the rows in the results returned from running the first part of the query.

Using the Oracle Log Analytics search language, you can apply a second level filter to the data through the use of the pipe character (|). The command to the left of the first pipe character is the first level filter, while the command to the right of the pipe character is the second level filter. The results returned after running the first command are further refined according to the command to the right of the pipe character. You can use as many pipe characters as you need to retrieve only the information that is necessary.

For example, consider the following query:

'log source' in ('FMW WLS Server Access Log','FMW OHS Access Log') |stats count(URI) as 'Request Count' by URI |top limit=10 'Request Count'

When this query is run, Oracle Log Analytics performs the following actions:

  1. Identifies data whose log source is 'FMW WLS Server Access Log' or 'FMW OHS Access Log'.

  2. Returns the count of rows from the results of step 1, where the value of the field Request Count for each URI is not null.

  3. Lists the top 10 URIs with the highest Request Count.

It is good practice to begin a compound query with a general command, and to make the query more specific with each command to the right of a pipe character.
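
The three stages of the access-log query above, emulated in Python over constructed records so the effect of each pipe can be inspected. This is an added example, not Oracle code: the function names and sample records are hypothetical, and it assumes count(URI) skips rows whose URI is null.

```python
from collections import Counter

WLS, OHS = "FMW WLS Server Access Log", "FMW OHS Access Log"

# Constructed sample records (not real log data); keys mirror the query's fields.
RECORDS = [{"log source": s, "URI": u} for s, u in [
    (WLS, "/app/login"), (WLS, "/app/login"), (WLS, "/app/login"),
    (OHS, "/app/login"), (WLS, "/app/search"), (WLS, "/app/search"),
    (OHS, "/index.html"),
    (WLS, None),                         # null URI: passes stage 1, not counted
    ("Some Other Log", "/app/login"),    # other log source: dropped in stage 1
]]


def search(records, field, allowed):
    """Stage 1 (implicit search): keep records where field IN (allowed)."""
    return [r for r in records if r.get(field) in allowed]


def stats_count_by(records, counted, group_by, alias):
    """Stage 2: stats count(counted) as alias by group_by."""
    counts = Counter()
    for r in records:
        if r.get(counted) is not None:   # assumption: nulls are not counted
            counts[r[group_by]] += 1
    return [{group_by: key, alias: n} for key, n in counts.items()]


def top(rows, limit, field):
    """Stage 3: top limit=N field, highest values first."""
    return sorted(rows, key=lambda row: row[field], reverse=True)[:limit]


def run_pipeline(records, limit=10):
    """Chain the stages left to right, as the pipe characters do."""
    stage1 = search(records, "log source", {WLS, OHS})
    stage2 = stats_count_by(stage1, "URI", "URI", "Request Count")
    return top(stage2, limit, "Request Count")


if __name__ == "__main__":
    for row in run_pipeline(RECORDS):
        print(row)
```

Each stage sees only what the stage to its left returned, which is why the general filter goes first and the narrowing commands follow.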