---Confidential Copyright William Softky 2002---

The example below shows LogJammer searching a combined database of three Linux log files (/var/log/syslog, /var/log/info, /var/log/messages). The same principles apply to other log files (like Web-server files) as well.


To open a single query, two things must take place:
  1. You must enter any search terms in input boxes at the very top of the display. Each term (whether selected or hand-entered) is used as a case-insensitive string-match term when searching, and the full search is the intersection ("AND") of all the terms; a blank field will match anything.

    In this example the string "eth0" was entered to match the "message" field of any of the three

  2. You must click a "+" link to indicate the time at which the query is to begin.
 
Right under the clicked point appears a single row summarizing the query terms, and below that appear the first thirty or so rows which match. Each field appears in a separate column. The angled blue arrow shows that the matching rows exist in time after the clicked one.

The query appears indented relative to the row which was clicked, just like opening a folder in a tree control.

To close any query, click the "-" sign at the left of that query's summary row.
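
The matching rule described above, sketched as an added example (this is not LogJammer's own code). The field names, the sample rows, and the choice to include rows stamped exactly at the clicked time are assumptions.

```python
from datetime import datetime

# Constructed sample rows (not real LogJammer data). The field names
# "time", "file" and "message" are hypothetical.
FIELDS = ("time", "file", "message")
ROWS = [dict(zip(FIELDS, r)) for r in [
    ("2002-03-01 08:00:01", "/var/log/syslog", "kernel: eth0: link up"),
    ("2002-03-01 08:05:10", "/var/log/messages", "sshd[412]: Accepted password for alice"),
    ("2002-03-01 08:07:30", "/var/log/info", "dhcpd: DHCPREQUEST via ETH0"),
    ("2002-03-01 08:09:00", "/var/log/syslog", "kernel: eth1: link down"),
    ("2002-03-01 08:12:45", "/var/log/messages", "kernel: eth0: promiscuous mode enabled"),
]]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def run_query(rows, terms, start, limit=30):
    """Return up to `limit` rows from `start` onward that match every term.

    terms maps a field name to the text typed in its input box; a blank
    box is dropped from the filter, so it matches anything.
    """
    active = {f: t.lower() for f, t in terms.items() if t.strip()}
    begin = parse(start)
    hits = []
    for row in sorted(rows, key=lambda r: parse(r["time"])):
        if parse(row["time"]) < begin:
            continue  # assumption: the query starts at the clicked time, inclusive
        # Case-insensitive substring match per field, ANDed across fields.
        if all(t in row.get(f, "").lower() for f, t in active.items()):
            hits.append(row)
            if len(hits) == limit:
                break
    return hits

if __name__ == "__main__":
    for r in run_query(ROWS, {"file": "", "message": "eth0"}, "2002-03-01 08:05:00"):
        print(r["time"], r["file"], r["message"])
```
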