# 5.1 An Introduction to Analyze Functions

*Ascolog Insight* provides several functions for analyzing logs. The following table lists all available analyze functions with a short description; each one is described in more detail in its dedicated section of this chapter. Analyze functions are created and used in very similar ways, so what they have in common is described in How to create Analyze Functions and Filter Expressions. These two sections provide a lot of useful information, so reading them is highly recommended. A tree structure called the **Functions tree** is used to organize all available analyze functions except *tabs*. The **Functions tree** is located in the **Functions window**. The tabs are organized in the **Tab list** (see figure Ascolog Insight user interface in section Workspace).

Table 1 lists the analyze functions which are available.

Analyze functions | Description |
---|---|
Record Filter | A record filter controls what log records are displayed in the Log window. All log records that match the filter expression are displayed in the Log window. |
Color Rule | Color rules apply a certain color scheme to log records or to parts of a log record in order to mark important information. |
Bookmark | Bookmarks are intended to help the user to quickly find log records again. |
Graph | Graphs are used to visualize the occurrence of log records or their data. |
Fixed Samples | Fixed samples are special graphs. They are used to mark important points in time to facilitate the orientation in a graph. |
Tab | Tabs are different views of the log records that should be analyzed. The displayed log records are selected on the basis of the tab's filter expression. |

Categories are used to create groups of related analyze functions. Table 2 lists the available categories.

Category | Description |
---|---|
Root node | The root node of the Functions tree is a special category node that contains all other nodes. The root node is always available. |
Category | Categories are used to create groups of related analyze functions. |

On the one hand, a category makes it easier to keep track of the analyze functions in use; on the other hand, it makes it easier to apply filter expressions to analyze functions. If a filter expression is added to a category, it is applied to all analyze functions that are sub-nodes of the category: the filter expression of each analyze function is combined with the category's filter expression using a logical AND (&&). You can add exactly one filter expression node to a category. If you want to combine several filter expressions, you have to use logical operator nodes (AND, OR, NOT) within the filter expression.

The next figure shows a filter expression directly below a category node.

The **Functions tree** shown in the figure *A filter expression directly below a category node* is equivalent to the **Functions tree** shown in the next figure (*… is equivalent to these filter expressions*). Note how the filter expressions are combined using a logical AND (&&).

Filter expressions are used to define criteria that log records must meet in order to be processed by an analyze function or a category of analyze functions (i.e. all analyze functions which are nodes of this category). Table 3 gives an overview of the available filter expressions.

Filter expressions | Description |
---|---|
Generic filter expression | A generic filter expression is used to define complex criteria. |
Wildcard | A wildcard is a special filter expression. It is used to select all log records. If you want to display all occurrences of log records in a graph add the wildcard to the graph node. |
RANGE | A range is a filter expression that is defined by two values. All values between these two values will meet the filter criteria. |
Timeframe | A timeframe is a special RANGE based on timestamps. One of the timestamps is the current local time. |

There are some more elements of the **Functions tree** which are called *logical operators*. They are listed in the table Logical operators. Their purpose is to combine filter expression nodes to form more complex filter expressions.

Logical operators | Description |
---|---|
AND | You can use this node to combine filter expressions with the logical AND operator. |
OR | You can use this node to combine filter expressions with the logical OR operator. |
NOT | You can use this node to negate a filter expression. |
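
The category rule described above (a category's filter expression is ANDed with the filter expression of every analyze function below it) can be modelled in a few lines. This is an added example, not Ascolog Insight code or syntax: the Python names, the record fields, the sample records and the inclusive RANGE bounds are all assumptions made for illustration.

```python
# Added model of the Functions tree filter semantics; not Ascolog Insight code.
# All names, record fields and the sample data below are hypothetical.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Record = Dict[str, object]
Filter = Callable[[Record], bool]

def wildcard() -> Filter:                 # selects all log records
    return lambda rec: True

def generic(fld: str, value: object) -> Filter:  # stand-in for a generic filter expression
    return lambda rec: rec.get(fld) == value

def range_(fld: str, low, high) -> Filter:       # assumption: bounds are inclusive
    return lambda rec: fld in rec and low <= rec[fld] <= high

def AND(*fs: Filter) -> Filter: return lambda rec: all(f(rec) for f in fs)
def OR(*fs: Filter) -> Filter:  return lambda rec: any(f(rec) for f in fs)
def NOT(f: Filter) -> Filter:   return lambda rec: not f(rec)

@dataclass
class Function:                           # an analyze function node (graph, bookmark, ...)
    name: str
    filt: Filter

@dataclass
class Category:
    name: str
    functions: List[Function]
    filt: Optional[Filter] = None         # at most one filter expression node per category

def effective_filter(cat: Category, fn: Function) -> Filter:
    # The category's filter expression is combined with the function's own using AND (&&).
    return fn.filt if cat.filt is None else AND(cat.filt, fn.filt)

def matches(cat: Category, records: List[Record]) -> Dict[str, List[object]]:
    return {fn.name: [r["id"] for r in records if effective_filter(cat, fn)(r)]
            for fn in cat.functions}

RECORDS = [  # constructed sample log records
    {"id": 1, "module": "auth", "level": "ERROR", "latency_ms": 120},
    {"id": 2, "module": "auth", "level": "INFO", "latency_ms": 15},
    {"id": 3, "module": "db", "level": "ERROR", "latency_ms": 480},
    {"id": 4, "module": "auth", "level": "WARN", "latency_ms": 300},
]
FUNCTIONS = [
    Function("graph: all", wildcard()),
    Function("bookmark: error or warn", OR(generic("level", "ERROR"), generic("level", "WARN"))),
    Function("color: slow, not error", AND(range_("latency_ms", 100, 500), NOT(generic("level", "ERROR")))),
]
AUTH = Category("auth only", FUNCTIONS, filt=generic("module", "auth"))
PLAIN = Category("no category filter", FUNCTIONS)

if __name__ == "__main__":
    for cat in (AUTH, PLAIN):
        print(cat.name, matches(cat, RECORDS))
```

Comparing the two categories shows the practical consequence: the wildcard under the filtered category no longer selects every record, only those that also pass the category's filter expression.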