Oracle Cloud Infrastructure Documentation

search

Use this command to search for a logical expression.

Syntax

search <logical_expression>

Where <logical_expression> includes the following:

  • <keyword_expression>

  • <comparison_expression>

  • <cmp>

  • <eval_expression>

  • <value>

  • <string_literal>

  • <between_exp>

  • <in_exp>

Parameters

The following table lists the parameters used with this query, along with their descriptions.

Parameter Description

logical_expression

This parameter includes all keywords or fieldname-value pairs used to filter data.

keyword_expression

Use this parameter to specify the keywords or phrases you want to match. The value for this result must follow the format <string>, <string>, or <string>.

comparison_expression

Use this parameter to compare a field to an expression. The value for this parameter must follow the format <field_name><cmp> <eval_expression>, <field_name> <between_exp>, or <field_name> <in_exp>.

cmp

Use this parameter to specify a comparative operator. Permitted values for this parameter include =,!=, <, >, >=, <=, and [NOT] LIKE.

eval_expression

Use this parameter to specify literals which represent the value of your destination field.

value

Use this parameter to specify a numeric or a string literal. The permitted value for this parameter must follow the format <string_literal> or <numeric literal>.

string_literal

Use this parameter to specify a string literal. The permitted value for this parameter must follow the format <string>, <string>, or <string>.

between_exp

Use this parameter to specify a range. The permitted value for this parameter must follow the format [NOT] BETWEEN (<value> | <numeric_literal>) AND (<value> | <numeric_literal>).

in_exp

Permitted values for this parameter must follow the format [NOT] IN “(“<value>) (“,” (<value>)*”)”.

Functions Available with the Command

You can use the following functions with the search command:

Function Description Example

md5(string)

Searches for the md5 encoded value

 * | search md5("hash my input")

sha1(string)

Searches for the sha1 encoded value

 * | search sha1("hash my input")

sha256(string)

Searches for the sha256 encoded value

 * | search sha256("hash my input")

sha512(string)

Searches for the sha512 encoded value

 * | search sha512("hash my input")

encode64(string)

Searches for the Base64 encoded value

 * | search encode64("my input")

decode64(string)

Searches for the Base64 decoded value

 * | search decode64("encoded input")

anyOf(condition1, condition2, ..., conditionN)

Note: This is equivalent of (condition1 OR condition2 OR ... conditionN)

Note: This can also be used in eval/where

* | search anyof(ERROR, WARNING, FATAL) - Search for any of these words

* | search anyof(Severity = ERROR, ERROR)

allOf(condition1, condition2, ..., conditionN)

Note: This is equivalent of (condition1 AND condition2 AND ... conditionN)

Note: This can also be used in eval/where

* | search allof(ERROR, WARNING, FATAL) - Search for all three words

* | search allof(Severity = ERROR, ERROR)

anyFields(wildCardExpression) = value

anyFields(wildCardExpression) != value

Note: This is equivalent of (field1 = value OR field2 = value OR ...)

Note: This can also be used in eval/where

 * | search anyFields('Project*') != null

Translates to: search for ('Project ID' != null or 'Project Name' != null or 'Project Description' != null)

allFields(wildCardExpression) = value

allFields(wildCardExpression) != value

Note: This is equivalent of (field1 = value AND field2 = value OR ...)

Note: This can also be used in eval/where

 * | search allFields('Project*') != null

Translates to: search for ('Project ID' != null and 'Project Name' != null and 'Project Description' != null)

For examples of using this command in typical scenarios, see:

The following query returns ORA-00600 log entries. 

Message like '%ORA-00600%'

The following query returns all ORA-00600 logs and fatal logs. 

Message like 'ORA-600%' or Severity = fatal

The following query returns all database logs.

'Target Type' in ('Database Instance', 'Cluster Database')

The following query returns all logs for the database MyDb. 

Target = MyDb and 'Target Type' = 'Database Instance'