You can filter a log file to display specific information from the log file. Once you filter a log file, you can view, search, print, and save the results to a file. You can also refresh the log file when filtering is on.
When the Operations Sentinel Log Viewer window displays filtered output, the title bar contains the caption "Filter: On."
The following types of filtering are available, and you can combine them for specialized filtering:
Log name (only applies to a consolidated log file)
Creating a Filter
Use the following procedure to filter the contents of the Log Viewer window:
Click Filter on the Tools menu.
The Log Viewer Filter dialog box appears.
Enter the filtering criteria as desired [time, log name (if applicable), log source, or text]. Move between fields using the mouse or Tab key. For the log source and text filters, you can choose case-sensitive or case-insensitive matching.
Note: When filtering a consolidated log that spans across two days, you are limited to filtering the log for the first day of the period.
To overwrite entries, use the Delete and Backspace keys to delete individual characters, or use the Clear button to clear all the values in a filter type before typing replacement characters.
Click OK. The filtered log file appears in the Log Viewer window.
Clearing a Filter
Use one of the following methods to return the log file to an unfiltered state:
Click Clear All Filters on the Tools menu.
Click Filtered on the View menu.
Clear all filter fields in the Log Viewer Filter window using the Clear button; click OK.
The Log Viewer window displays the entire log file. The title bar no longer indicates "Filter: On."
Time Filter
Time filters reduce output to a particular span of time and improve the performance of other filtering operations. For example, it is faster to do text filtering for a console for a one-hour period than for a whole day's log.
Specify only a start time to include all messages at or after that time. Specify only an end time to include all messages before or at that time.
When you specify both nonzero start and end times, the end time must be the same as or later than the start time.
When filtering a consolidated log that spans across two days, you are limited to filtering the log for the first day of the period.
Timestamps
Each message has two timestamps:
The time the message was logged on the Operations Sentinel server (Operations Sentinel server time)
The approximate time the message was generated by the managed host (host local time)
You can choose to filter on either time. The Operations Sentinel server time is more efficient and does not include some of the ambiguities inherent with host local time.
Time Zones
The displayed timestamps use a 24-hour clock in hour:minute:second:millisecond format (for example, 13:05:00:000 is 1:05 PM). The timestamps correspond to the time zones in which the Operations Sentinel server and the managed system are located. Therefore, it is possible to have timestamps from two time zones that appear in your logged messages.
Managed Host Versus Operations Server Time
The clocks on the Operations Sentinel server and the managed host may not be perfectly synchronized: they could differ by several minutes even within the same time zone. Typically, a log file is based on the server time. When the time changes from 23:59:59 to 00:00:00, the line is written to the log file for the new date. However, the host time may still be for the previous date if it is earlier than the server time. A similar situation occurs at the end of the day if the host time is greater than the server time.
The Operations Sentinel server time and the managed host time always increases in a log file unless you have modified the system time on the server. If this occurs, time filtering can produce unexpected results.
Host Time Filtering
Because of ambiguities inherent when you use host time filtering, results can be unexpected. One consideration in the use of host time filtering is that host times are approximated both when messages are logged and when they are filtered. When you specify a host time for filtering, the time is converted to an Operations Sentinel server time before the start and end messages are located. If the difference between the host time and the server time varies throughout the day, the result of host time filtering may include messages slightly earlier or later than the time you specify.
Log Name Filter
The log name filter enables you to select messages from a specific log file within a consolidated log, such as a console or a partition. To include only messages from a specific log file, type the name of the file you want to include. Log Viewer excludes all other log names.
Log Source Filter
With the log source filter, you can select messages from a specific log source, such as a console or an external application.
To include only messages from a specific log source, type the name of the log source you want to include. Log Viewer excludes all other log sources.
Console names correspond to the console names in an Operations Sentinel topology. Application names correspond to external programs that log messages through the Single Point Interface Pipe, the spo_event command, or the Event Server API.
Do not include any spaces in the log source name you specify.
Text Filter
You can type up to three text strings to search on concurrently. For example, you could type Business Information Server in Filter 1, DB/ COMM in Filter 2, and COMPLETE in Filter 3. The filter result will include only messages that contain all three text strings; it will not include a message such as "Business Information Server START."
You can perform AND/OR logical operations in the 2 or 3 text filter strings specified. Use <Ctrl+T> shortcut key to toggle between AND/OR operation on the specified text filters. The AND logical operation will sift through the log file and will display only those lines which contains all the strings specified through Text Filters. The OR logical operation will sift through the log file and will display all those lines which contain any one of the strings specified through Text Filters.
When the toggle operation is performed, the Window title text is updated to indicate which logical operation is being performed. For example, when an OR operation is performed, the Window Title text is changed to “Log Viewer Filter Text Filter: OR”. Use the <Ctrl+T> shortcut key to change the logical operation to AND operation if you want to perform an AND operation on the text filters. Now, the window title is changed to “Log Viewer Filter Text Filter: AND”. When you click the OK button, the log files that are generated will be the output of filters specified along with the logical operation specified using <Ctrl+T> option.
The Toggle Text Filters option
present under Tools menu performs
the same operation as <Ctrl+T> short cut key option. The 
icon available on the Toolbar also
performs the same function as <Ctrl+T> short cut key.
You can type the strings in any order. The text filter applies to the entire log image, including the log source, message type, and time.
Filtering works by lines, not by messages. If a log file contains multi-line messages, filtering may exclude part of a message.