DOCUMENTATION: Additional information and examples for using the --where option to build a query for "vxlogview" with Veritas NetBackup (tm) 6.0

Article:TECH44529  |  Created: 2005-01-25  |  Updated: 2008-01-31  |  Article URL http://www.symantec.com/docs/TECH44529
Article Type
Technical Solution



Solution



Manual:  Veritas NetBackup (tm) 6.0 Troubleshooting Guide for UNIX and Windows, Pages: 74 - 87
Modification Type:  Addition

Modification:
The vxlogview command has a --where option that can be used to build queries for unified log files.  The vxlogview command queries the log files stored in /usr/openv/logs for information based on any of the query options used.  On servers with high logging levels and a lot of activity, the vxlogview command can take a long time to complete.  This delay becomes more noticeable the further back the query has to search.

The following rules apply when building queries:

1. The --where "<query>" must be surrounded by quotes.  This is required to properly handle the different query fields (Table 1).
Failing to use quotes around the entire query will cause a "syntax error near unexpected token" error.

2. Any search for a date or other string value must be surrounded by single quotes.  
Failing to surround a string with single quotes will cause a "V-1-11 Undefined keyword." error.  
Example:
# vxlogview --where "(prodid = 'NB') && (stdate >= '10/26/2005 02:12:10 PM')"

3. Single quotes are not required when searching for a numeric value, such as a logging level (5), or a time listed in seconds (1130310730).
Example:
# vxlogview --where "(prodid = 51216) && (stdate >= 1130310730)"

4. The start date (STDATE) and end date (ENDATE) can be provided either as a string or as a number of seconds.  As a string, the date format must be 'MM/DD/YYYY HH:MM:SS AM|PM'; the year can be given with two digits (05) or four digits (2005).  As a number, the date is the number of seconds elapsed since midnight January 1, 1970.

5. When combining multiple queries, use parentheses to group related entries.  This is needed when building a query that uses the different logical operators && and || (Table 3).
Example:
# vxlogview --where "((prodid = 'NB') && (orgid = 116)) || (prodid = 'ics')"

6. Using the --where option will cause vxlogview to ignore any other options passed to the command.  As a result, any search on multiple fields, such as specific product IDs or date ranges, must be submitted using the proper query options.


Table 1 - The following fields can be used to build queries.

 
Field                  Example              Description
PRODID or prodid       (prodid = 51216)     Search for the product ID or the abbreviated name of product.
ORGID or orgid         (orgid = 116)        Search for the originator ID or the abbreviated name of the component.
PID or pid             (pid = 27187)        Search for the process ID that logged the message.
TID or tid             (tid = 3)            Search for the thread ID.
STDATE or stdate       (stdate >= date)     Search for a start date in seconds or in a specific 'MM/DD/YYYY HH:MM:SS AM|PM' format.
ENDATE or endate       (endate <= date)     Search for an end date in seconds or in a specific 'MM/DD/YYYY HH:MM:SS AM|PM' format.
PREVTIME or prevtime   (prevtime = time)    Search for a previous time in a 'HH:MM:SS' format.
SEV or sev             (sev = ERR)          Search for the severity type. Valid settings for sev are INFO, WARNING, ERR, CRIT or EMERG.
MSGTYPE or msgtype     (msgtype = APP)      Search for the message type. Valid settings for msgtype are: DEBUG, DIAG, APP, CTX or AUDIT.
CTX or ctx             (ctx = token)        Search for the context token as string identifier.
LEVEL or level         (level = 5)          Search for a specific logging level (1 - 5) to display messages for.
WHO or who             (who = '[?]')        Search for who logged a message.


Table 2 - The following relational operators can be used to search for values.

 
Operator   Example             Description
<          (level < 3)         A < is used for less than.
>          (sev > INFO)        A > is used for greater than.
<=         (endate <= date)    A <= is used for less than or equal to.
>=         (stdate >= date)    A >= is used for greater than or equal to.
=          (pid = 14926)       A = is used for equal to.
!=         (orgid != 116)      A != is used for not equal to.


Table 3 - The following logical operators can be used to find multiple fields.

 
Operator   Example                                Description
&&         "(orgid = 116) && (stdate >= date)"    A double ampersand is a logical AND.
||         "(sev = ERR) || (sev = CRIT)"          A double pipe is a logical OR.


Example vxlogview queries:
1. Search for all job submission details.  This will display birth and death times for jobs as well as any job submission details for jobs created after 10/25/2005.
# vxlogview --where "( who = '?' ) && (orgid = 116) && (stdate >= '10/25/2005 00:00:00 AM')"

2. Search for any log entry with a severity higher than [Info] written on or after 10/25/2005.
# vxlogview --where "(sev > INFO) && (stdate >= '10/25/2005 00:00:00 AM')"

3. Search for any log entry that was generated at a diagnostic level of four or higher.
# vxlogview --where "((msgtype = DIAG) && (LEVEL >= 4)) && (stdate >= '10/27/05 0:0:0 AM')"

4. Search for a context value, such as multiple job Id's.
# vxlogview --where "((ctx = 'jobid=1561') || (ctx = 'jobid=1562')) && (stdate >= '10/25/2005 02:00:00 PM')"

5. Search for log messages for the VxICS product that were logged between the dates 10/25/05 and 10/26/05:
# vxlogview --where "(prodid = 'ics') && ((stdate >= '10/25/05 0:0:0 AM') && (endate <= '10/26/05 23:59:59 PM'))"

6. This query will retrieve log messages, which are logged before 10/27/2005 for all the installed Veritas products.
# vxlogview --where "(STDATE <= '10/27/05 0:0:0 AM')"

7. This query will retrieve log messages for multiple originators for the NetBackup product.
# vxlogview --where "((orgid = 116) || (orgid = 117)) && (stdate >= '10/27/05 0:0:0 AM')"
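
A pre-flight check for the query rules and Tables 1 to 3, added here as an example (it is not part of the original article or of NetBackup): it lints a --where string for unbalanced parentheses, stray single quotes, unknown fields, invalid sev/msgtype values and malformed dates before a potentially long-running search is started. The function names lint_where and build_argv are hypothetical, and the assumption is that vxlogview is on the PATH.

```python
import re

# Field names and enumerations taken from Tables 1-3 of this article.
FIELDS = {"prodid", "orgid", "pid", "tid", "stdate", "endate", "prevtime",
          "sev", "msgtype", "ctx", "level", "who"}
# Assumption: enumeration values are compared exactly as the article lists them.
ENUMS = {"sev": {"INFO", "WARNING", "ERR", "CRIT", "EMERG"},
         "msgtype": {"DEBUG", "DIAG", "APP", "CTX", "AUDIT"}}
RELOPS = {"<", ">", "<=", ">=", "=", "!="}
# 'MM/DD/YYYY HH:MM:SS AM|PM', year as two or four digits (rule 4).
DATE = re.compile(r"'\d{1,2}/\d{1,2}/(?:\d{2}|\d{4}) \d{1,2}:\d{1,2}:\d{1,2} (?:AM|PM)'")
# Quoted string | operator | parenthesis | bare word | stray character.
TOKEN = re.compile(r"'[^']*'|&&|\|\||<=|>=|!=|[<>=()]|[^\s()'<>=!&|]+|\S")


def lint_where(query):
    """Return a list of problems found in a --where query (empty if clean)."""
    problems, depth = [], 0
    tokens = TOKEN.findall(query)
    for i, tok in enumerate(tokens):
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if depth < 0:
                problems.append("unexpected ')'")
                depth = 0
        elif tok == "'":  # a quote that never found its partner
            problems.append("unbalanced single quote")
        elif tok in RELOPS:
            name = tokens[i - 1] if i else ""
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            field = name.lower()
            if field not in FIELDS:
                problems.append(f"unknown field {name!r}")
            elif field in ("stdate", "endate"):
                if not (value.isdigit() or DATE.fullmatch(value)):
                    problems.append(f"{field}: expected seconds or quoted date")
            elif field in ENUMS and value not in ENUMS[field]:
                problems.append(f"{field}: invalid value {value}")
    if depth:
        problems.append(f"{depth} unclosed '('")
    return problems


def build_argv(query, binary="vxlogview"):
    """Lint first, then return an argv list that needs no shell quoting."""
    problems = lint_where(query)
    if problems:
        raise ValueError("; ".join(problems))
    return [binary, "--where", query]
```

Passing the returned list to subprocess.run without a shell hands the query to vxlogview as a single argument, so the outer double quotes from rule 1 are not needed in that case.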





Legacy ID: 279865

