Query and Search Management

Insight and control over your queries and searches

ChaosSearch offers added functionality in the Search Analytics interface. Users can be granted access to two added features: a Progress Bar and a Cancel Query button. These features give users visibility into the duration of an executed query and the control to cancel a running query.

Query Status

The ChaosSearch Search Analytics interface offers a unique view into the status of your queries. While a query is running, the Query Progress bar displays information about the query, including:

  • A progress bar with a summary of the segments being scanned, and the breakdown of active and pending segments
  • A status message that the query is running
  • An estimate for the size of the data being scanned for the query

The progress bar updates while the segments of data are processed. As data becomes available, it is periodically loaded to update both the histogram and the records list. When complete, the status message changes to Last query complete.

Query Cancelation

For any long-running queries, ChaosSearch provides a Cancel Query button in the top-right corner to stop the query. This feature allows users to control which queries will complete and which queries are cancelled to avoid long wait times, query timeouts, or system impacts.

If you click Cancel Query while the query is running, the status message changes from Query in progress to Last query cancelled. The progress bar stops, and any data already loaded to the window remains until you run the next query.

What is a Segment?

A Chaos segment is a lossless, highly compact representation of raw source (your log and event files), divided into 25 to 75 megabyte pieces. Each segment is a highly compressed portion of the source content, with a 90% or more reduction in size. However, unlike compressed files, which offer no analytic capabilities, Chaos segments support native and performant Text Search, Relational Query, and Machine Learning operations. A segment, therefore, is a hybrid of a lossless compression algorithm and a fully indexed, multi-model database structure.

The Chaos Indexing Service creates segments from raw sources associated with an object group. As users query the views that reference one or more object groups, the query efficiently accesses the associated segments and leverages their built-in analytical capabilities to resolve the request at scale.