Query and Search Management
Insight and control over your queries and searches
ChaosSearch offers added functionality in the Search Analytics interface. Users can be granted access to two added features: a Progress Bar and a Cancel Query button. These extra features allow our users to have visibility into the duration of an executed query, and the control to cancel a running query.
Query Status
The ChaosSearch Search Analytics interface offers a unique view into the status of your queries. While a query is running, the Query Progress bar displays information about the query, including:
- A progress bar with a summary of the segments being scanned, and the breakdown of active and pending segments
- A status message that the query is running
- An estimate for the size of the data being scanned for the query
The progress bar updates while the segments of data are processed. As data becomes available, it is periodically loaded to update both the histogram and the records list. When complete, the status message changes to Last query complete.
Query Cancelation
For long-running queries, ChaosSearch provides a Cancel Query button in the top-right corner. Use it to stop an in-progress query that might not be correct (wrong filters, etc.) or that is taking too long to complete. This feature helps to avoid long wait times, query timeouts, and unnecessary system usage when a query is not correct and needs to change.
If you click Cancel Query while the query is running, the status message changes from Query in progress to Last query cancelled. The progress bar stops, and any data already loaded to the window remains until you run the next query.
Use caution if one or more people might log in concurrently with the same ChaosSearch user account to the same system. In that case, actions such as running or cancelling a search in one browser could affect or cancel queries in progress in a different browser under the same user.
What is a Segment?
A Chaos segment is a lossless, highly compact representation of the raw source (your log and event files), divided into 25 to 75 megabyte pieces. Each segment is a highly compressed portion of the source content, with a 90% or more reduction in size. However, unlike compressed files—which offer no analytic capabilities—Chaos segments support native and performant Text Search, Relational Query, and Machine Learning operations. A segment, therefore, is a hybrid of a lossless compression algorithm and a fully indexed, multi-model database structure.
The Chaos Indexing Service creates segments from raw sources associated with an object group. As users query the views that reference one or more object groups, the query efficiently accesses the associated segments and leverages their built-in analytical capabilities to resolve the request at scale.