Before you start

Documentation version: 2605.0

Product reference version: Sonar 5.0.2603.0

For version-by-version changes, see Documentation change history.

Preliminary notice

This documentation describes how to use the query commands and functions provided by the Logpresso product suite. Read this document before learning how to use commands and functions.

Logpresso strives to deliver up-to-date information. Documentation is produced and provided through an automated process. The accuracy of all content cannot be guaranteed. Verify the content in this documentation and consult additional resources when necessary.

Notation

Graphical user interface (GUI) elements are expressed as follows.

Notation format    Description
Menu 1 > Menu 2    Displays the multi-level menu path using ">".
Label              Displays the string of an identifiable UI element (tab, button, etc.) on the screen.

The following table lists the notational conventions used for commands, options, and input values in this documentation.

Notation example                    Description
table araqne_query_logs             Monospaced lowercase indicates text you type exactly as shown.
VALUE, TABLE, TABLE.INDEX, FIELD    Monospaced uppercase indicates text you must enter according to your environment.
opt=type, [opt=type]                Command options are expressed in the form option=value_type. A pair of square brackets ([ ]) means the option can be omitted.
opt=INT{s|m|d|w|mon}                Values that require you to select one from multiple choices are enclosed in a pair of curly braces ({ }).
  • type uses the following types. There may be additional types not listed here.
    • BOOL: Boolean. Takes the value t or f.
    • INT: 32-bit integer
    • LONG: 64-bit integer
    • FLOAT: 32-bit floating point
    • DOUBLE: 64-bit floating point
    • DATE: Date
    • STR: String. Enter the value inside a pair of double quotes (" ").
    • LIST: Array
    • IP: IP address
    • BLOB: Binary
    • REGEX: Regular expression (string)

This documentation uses the notation above when describing command syntax. For example, the syntax of the stream command is displayed as follows:

stream window=INT{s|m|h|d|mon} STREAM_NAME [, STREAM_NAME ...]

Acronyms, abbreviations, and terms

This documentation uses the following terms:

GUID
Abbreviation for Globally Unique Identifier, a unique ID composed of hexadecimal characters
MAE
Logpresso Maestro
SNR
Logpresso Sonar
STD
Logpresso Standard
Web console
The web-based user interface provided by the Logpresso product suite
Table
The logical name of a file that stores logs

File access restrictions

Query commands that read or write local files (such as textfile, csvfile, and outputcsv) require cluster administrator privileges starting from version 4.0.2511.0, and the accessible file system paths are restricted.

The default allowed paths are $DATADIR/araqne-logdb/scan and $LOGDIR, and these can be changed in the launcher configuration file.

sudo vi ./etc/logpresso.conf
# Parameter:    -Daraqne.logdb.allowed_file_scan_paths
# Description:  comma-separated local file access allowlist
# Default:      araqne.data.dir/araqne-logdb/scan,araqne.log.dir
# Note:         Be sure to uncomment the DATADIR and the LOGDIR config above when using the variable.
#ALLOWED_FILE_SCAN_PATHS="$DATADIR/araqne-logdb/scan,$LOGDIR"

For more information about this change, see SNR#3124.
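
The following is an added example, not Logpresso code: a pre-deployment check for a proposed ALLOWED_FILE_SCAN_PATHS value that flags entries relying on a commented-out DATADIR or LOGDIR, and tests whether a file resolves inside the allowlist. The sample paths, function names, the two-component breadth heuristic, and the component-wise matching are assumptions of this example; the page does not state how the product itself matches paths.

```python
import os.path
import re

# Constructed sample values, not taken from a real installation.
SAMPLE_ENV = {"DATADIR": "/opt/logpresso/data", "LOGDIR": "/opt/logpresso/log"}
DEFAULT_VALUE = "$DATADIR/araqne-logdb/scan,$LOGDIR"
VAR = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def expand(entry, env):
    """Expand $NAME the way a shell does: an unset name becomes ''."""
    return VAR.sub(lambda m: env.get(m.group(1), ""), entry.strip())


def audit_allowlist(value, env):
    """Return (raw_entry, reason) for entries that break or over-widen access."""
    findings = []
    for raw in (e.strip() for e in value.split(",")):
        unset = [n for n in VAR.findall(raw) if not env.get(n)]
        path = expand(raw, env)
        if unset:
            findings.append((raw, "unset variable " + unset[0]))
        elif not path.startswith("/"):
            findings.append((raw, "empty or relative path"))
        elif ".." in path.split("/"):
            findings.append((raw, "contains '..'"))
        # Heuristic chosen for this example: "/" or "/var" is too broad.
        elif len([p for p in os.path.normpath(path).split("/") if p]) < 2:
            findings.append((raw, "fewer than two path components"))
    return findings


def is_allowed(path, value, env):
    """True if path resolves inside an allowlisted directory.

    Compares whole path components after resolving '..' and symlinks, so a
    sibling such as <LOGDIR>-archive does not match <LOGDIR>.
    """
    real = os.path.realpath(path)
    for raw in value.split(","):
        root = expand(raw, env)
        if not root.startswith("/"):
            continue  # skip entries the audit would have flagged
        root = os.path.realpath(root)
        if os.path.commonpath([real, root]) == root:
            return True
    return False
```

Run audit_allowlist against the value you intend to set before restarting the service; an empty result means no entry was flagged by these checks.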