How to query specific 'compressd file' via web console?

[dkhwangbo]

Like 'index pattern' in ES&Kibana, How to query with specific file?
Is it the only way to query the entire compressed file?

[kirkrodrigues]

Hi @dkhwangbo,

Sorry for the slow response!

The web console currently doesn't support filtering for specific compressed files but if you're using clp-text, you can filter by file path from the command line:

sbin/search.sh --file-path <file-path> <query>

For example:

sbin/search.sh --file-path /var/log/syslog 'CRON'

We plan to add support to do the same in the web interface. Let us know if this is a must-have feature for you and we can try to prioritize it.

If you want something more similar to how Elasticsearch's indices work, then you could try clp-text's tagging feature. During ingestion, you can assign one or more tags to each set of logs you ingest:

sbin/compress.sh --tags <tag1>,<tag...>,<tagN> <log-paths>

And then you can search by tag:

sbin/search.sh --tags <tag1> <query>

Note that both of these features are currently only supported by clp-text, but let us know if you're using clp-json and we can prioritize adding the same for clp-json.