HCL Workload Automation, Version 9.4

How to perform queries on log files

Log files can be very long and detailed. When you view your log files with the Log and Trace Analyzer, you can apply one or more queries to filter information in the file and make searches faster. You can use the following queries to filter only the relevant information or you can create your own queries depending on your requirements. The following queries are written in XPath query language.

To filter all the events generated by a specific user:
/CommonBaseEvent [extendedDataElements/children[@name='userInfo' and values='username']]
To filter all the events related to a specific object class:
/CommonBaseEvent [ extendedDataElements//children[@name='objectClass' and values='Resource]]
To filter all the events related to a specific object:
//CommonBaseEvent [ extendedDataElements//children[@name='objectName' and values='myresource']/../children[@name='objectClass' and values='Resource']]
To filter all the events related to a specific action:
/CommonBaseEvent [extendedDataElements[@name='action' and values='uninstall']]
To filter all the events with SUCCESSFUL outcome:
/CommonBaseEvent [extendedDataElements/children[@name='result' and values='SUCCESSFUL']]

The following query returns all create actions:

/CommonBaseEvent[ extendedDataElements[@name = 'action' and values = 'create']]

You can export this query into an XML file as follows:

<?xml version="1.0" encoding="UTF-8"?><cbeviewer_configuration>
<logParserSets>
   <logParserSet 	description="Parser for CBE log" 
                  id="com.ibm.cbeviewer.parsers.cbeLogParserSet"
                  label="Common Base Event log" 
                  parentId="com.ibm.cbeviewer.parsers.jdLogParserSet"/>
   <logParserSet 	description="Parser for CEI Server" 
                  id="com.ibm.cbeviewer.parsers.ceiLogParserSet"
                  label="Common Event Infrastructure server" 
                  parentId="com.ibm.cbeviewer.parsers.jdLogParserSet"/>
   <logParserSet	description="Other parsers" 
                  id="com.ibm.cbeviewer.parsers.otherParsersLogParserSet" 
                  label="Other parsers"/>
</logParserSets>    	
<recent_expressions>
     <xpath name="All Create Events">
     /CommonBaseEvent[ extendedDataElements[@name = 'action' and values = 'create']]
     </xpath>
</recent_expressions></cbeviewer_configuration>

The following is a short example of a log file:

<CommonBaseEvent 
      creationTime="2007-06-06T14:26:23.311Z" 
      extensionName="TDWB_JOB_AUDIT_EVENT" 
      globalInstanceId="CEFC6DD156CA54D902A1DC1439E6EC4ED0" 
      sequenceNumber="1" 
      version="1.0.1">
   <extendedDataElements 
         name="userInfoList" 
         type="noValue">
      <children 
            name="userInfo" 
            type="string">
         <values>UNAUTHENTICATED</values>
      </children>
   </extendedDataElements>
   <extendedDataElements 
         name="action" 
         type="string">
      <values>submit</values>
   </extendedDataElements>
   <extendedDataElements 
         name="outcome" 
         type="noValue">
      <children 
            name="result" 
            type="string">
         <values>SUCCESSFUL</values>
      </children>
   </extendedDataElements>
</CommonBaseEvent>