5.1 An Introduction to Analyze Functions

Ascolog Insight provides several functions for analyzing logs. The following table lists all available analyze functions with a short description. The analyze functions are described in more detail in the dedicated sections of this chapter. Analyze functions are created and used in a very similar way, so what they have in common is described in How to create Analyze Functions and Filter Expressions. These two sections provide a lot of useful information, so it is highly recommended to read them. A tree structure called the Functions tree is used to organize all available analyze functions except tabs. The Functions tree is located in the Functions window. The tabs are organized in the Tab list (see figure Ascolog Insight user interface in section Workspace).

Table 1 lists the analyze functions which are available.

Table 1: Analyze functions

| Analyze function | Description |
| --- | --- |
| Record Filter | A record filter controls what log records are displayed in the Log window. All log records that match the filter expression are displayed in the Log window. |
| Color Rule | Color rules apply a certain color scheme to log records or to parts of a log record in order to mark important information. |
| Bookmark | Bookmarks are intended to help the user to quickly find log records again. |
| Graph | Graphs are used to visualize the occurrence of log records or their data. |
| Fixed Samples | Fixed samples are special graphs. They are used to mark important points in time to facilitate the orientation in a graph. |
| Tab | Tabs are different views of the log records that should be analyzed. The displayed log records are selected on the basis of the tab's filter expression. |

Categories are used to create groups of related analyze functions. Table 2 lists the available categories.

Table 2: Categories

| Category | Description |
| --- | --- |
| Root node | The root node of the Functions tree is a special category node that contains all other nodes. The root node is always available. |
| Category | Categories are used to create groups of related analyze functions. |

On the one hand, a category makes it easier to keep track of the analyze functions in use; on the other hand, it makes it easier to apply filter expressions to analyze functions. If a filter expression is added to a category, this filter expression is applied to all analyze functions which are sub-nodes of the category: the filter expression of each analyze function is combined with the category's filter expression using a logical AND (&&). You can add exactly one filter expression node to a category. If you want to combine several filter expressions, you have to use logical operator nodes (AND, OR, NOT) within the filter expression.

The next figure shows a filter expression directly below a category node.

A filter expression directly below a category node...

The Functions tree shown in the figure "A filter expression directly below a category node..." is equivalent to the Functions tree shown in the next figure ("… is equivalent to these filter expressions"). Please note how the filter expressions are combined using a logical AND (&&).

… is equivalent to these filter expressions

Filter expressions are used to define criteria that log records must meet in order to be processed by an analyze function or a category of analyze functions (i.e. all analyze functions which are nodes of this category). Table 3 gives an overview of the available filter expressions.

Table 3: Filter expressions

| Filter expression | Description |
| --- | --- |
| Generic filter expression | A generic filter expression is used to define complex criteria. |
| Wildcard | A wildcard is a special filter expression. It is used to select all log records. If you want to display all occurrences of log records in a graph, add the wildcard to the graph node. |
| RANGE | A range is a filter expression that is defined by two values. All values between these two values will meet the filter criteria. |
| Timeframe | A timeframe is a special RANGE based on timestamps. One of the timestamps is the current local time. |

There are some more elements of the Functions tree which are called logical operators. They are listed in the table Logical operators. Their purpose is to combine filter expression nodes to form more complex filter expressions.

Table 4: Logical operators

| Logical operator | Description |
| --- | --- |
| AND | You can use this node to combine filter expressions with the logical AND operator. |
| OR | You can use this node to combine filter expressions with the logical OR operator. |
| NOT | You can use this node to negate a filter expression. |
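
The category rule and the logical operator nodes described above, modelled in Python as an added example (this is not Ascolog Insight code and does not use its filter syntax). Filter expressions are plain predicates; the record fields, the tree contents and the assumption that nested categories accumulate their filters are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional
Pred = Callable[[dict], bool]    # a filter expression, modelled as a predicate

# Logical operator nodes as predicate combinators.
def AND(*ps: Pred) -> Pred: return lambda r: all(p(r) for p in ps)
def OR(*ps: Pred) -> Pred: return lambda r: any(p(r) for p in ps)
def NOT(p: Pred) -> Pred: return lambda r: not p(r)
WILDCARD: Pred = lambda r: True  # selects all log records
def level(v: str) -> Pred: return lambda r: r["level"] == v  # hypothetical field

@dataclass
class Function:                  # an analyze function (record filter, graph, ...)
    name: str
    expr: Pred

@dataclass
class Category:
    name: str
    expr: Optional[Pred] = None  # at most one filter expression node per category
    children: list = field(default_factory=list)

def effective_filters(node, inherited: Pred = WILDCARD) -> dict:
    """Map each function name to its expression ANDed with its categories' expressions."""
    if isinstance(node, Function):
        return {node.name: AND(inherited, node.expr)}
    scope = inherited if node.expr is None else AND(inherited, node.expr)
    found = {}
    for child in node.children:
        found.update(effective_filters(child, scope))
    return found

def matches(tree, name: str, records: list) -> list:
    keep = effective_filters(tree)[name]
    return [r["msg"] for r in records if keep(r)]
# Constructed sample records and Functions tree.
RECORDS = [
    {"level": "ERROR", "module": "auth", "msg": "login failed"},
    {"level": "INFO",  "module": "auth", "msg": "login ok"},
    {"level": "ERROR", "module": "db",   "msg": "timeout"},
    {"level": "WARN",  "module": "auth", "msg": "account locked"},
]
TREE = Category("Root", children=[
    Category("Auth", expr=lambda r: r["module"] == "auth", children=[
        Function("Problems", OR(level("ERROR"), level("WARN"))),
        Function("Not info", NOT(level("INFO"))),
        Function("All auth", WILDCARD),
    ]),
    Function("All errors", level("ERROR")),
])
```

"All errors" sits outside the "Auth" category, so it still matches the `db` record, while every function inside the category is restricted to `auth` records.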