I am trying to use chainsaw to view entries in a log file. I have it setup, and working fine. The log file I have is large, so chainsaw is unable to hold all the messages I want to see in its 5000 entry cyclic window. So I would like to know how to set things up so I can view not just the last 5000 entries, but any set. Ideally I would like at 4pm to be able to see the 5000 messages after 9am.
I thought that the filterExpression looked the ideal candidate for this. I have tried setting TIMESTAMP ~= '06', and this shows all entries. However if I try any other literal (e.g. '2006' or '08/06'), no rows are returned. So the questions I have are 1) Is this the best (or at least a viable) way to achieve the desire3d functionality? 2) What format should I specifiy the literal for the timestamp field? The actual format in the log file, or the format defined via the timestampFormat field? Also could you add a search feature? e.g. you are showing 5000 entries, and you know you want the one that has a message saying "calling server". I know you can filter the entires to only show matching entries ( e.g. MSG ~= 'calling server'), but what about adding a simple search from current position (or backwards for that matter) for a given string in a given column (or all columns). That would be really useful. Thanks for providing a great tool. It really helps. With the ability to search archives for messages at specific times, would IMHO be a really useful addition. Chris
