Hi Chris, You could consider using another analyzing tool called XTraceViewer (www.xtrace.de). It is designed for working with huge log data (a few hundred MB). Further, it provides a comfortable and powerful filter mechanism. Filters are organized in a filter tree (GUI) comprising time range filters, text filters, thread filters and the complete logger hierarchy.
So, time range filters will address one of your problems. From- and To-times are entered via a date/time-GUI-control. Don't worry about a specific format. Text filters allow you to filter for text in a specified column. The find dialog works analog to text filters. Enter text/column and determine the search direction (forwards/backwards). Furthermore, filter settings can be saved and afterwards applied to other/similar log data. Bernd -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chris derham Sent: Monday, August 21, 2006 4:14 PM To: log4j-user@logging.apache.org Subject: Filtering long log files and searching I am trying to use chainsaw to view entries in a log file. I have it setup, and working fine. The log file I have is large, so chainsaw is unable to hold all the messages I want to see in its 5000 entry cyclic window. So I would like to know how to set things up so I can view not just the last 5000 entries, but any set. Ideally I would like at 4pm to be able to see the 5000 messages after 9am. I thought that the filterExpression looked the ideal candidate for this. I have tried setting TIMESTAMP ~= '06', and this shows all entries. However if I try any other literal (e.g. '2006' or '08/06'), no rows are returned. So the questions I have are 1) Is this the best (or at least a viable) way to achieve the desire3d functionality? 2) What format should I specifiy the literal for the timestamp field? The actual format in the log file, or the format defined via the timestampFormat field? Also could you add a search feature? e.g. you are showing 5000 entries, and you know you want the one that has a message saying "calling server". I know you can filter the entires to only show matching entries ( e.g. MSG ~= 'calling server'), but what about adding a simple search from current position (or backwards for that matter) for a given string in a given column (or all columns). That would be really useful. Thanks for providing a great tool. It really helps. With the ability to search archives for messages at specific times, would IMHO be a really useful addition. Chris
