Help banner

Creating, Editing and Deleting Queries

You can create two kinds of queries in iManager: manual queries and saved queries. Manual queries are simply queries that are not saved; they only run one time. Saved queries are listed in the Query list and may be run again and again against different databases.

IMPORTANT: Saved queries are stored in the User object you use to log in to iManager. Therefore, they are not available to other users on the system.

 

Creating Manual Queries

To create a Manual query in iManager,

  1. Click Manual Query.

  2. Select the database you want to query.

    For information on defining your available databases, see Creating Database Definitions.

  3. In the Name field, enter the name you want to appear in the query results’ title.

  4. Define the query statement in the Query window.

For basic information on building SQL queries, see the Novell Nsure Audit Administration Guide.

HINT: You do not have to include a FROM clause in your query statement. iManager dynamically builds the FROM clause using the table specified in the database definition you select when you run the query. However, if the query statement does include a FROM clause, iManager queries the table defined in the query statement. For basic information on building SQL query statements, see the Novell Nsure Audit Administration Guide.

  1. Click Run Query to run the query.

 

Creating Saved Queries

To create a Saved Query in iManager,

  1. Click New.

  2. In the Name field, enter the name you want to use to refer to this query.

The query name appears in the Query list and in the query results’ title.

  1. Define the query statement.

    1. Create the query using the Query Builder.

or

  1. Write the query statement in the Query SQL Statement window.

For basic information on building SQL queries, see the Novell Nsure Audit Administration Guide.

HINT: You do not have to include a FROM clause in your query statement. iManager dynamically builds the FROM clause using the table specified in the database definition you select when you run the query. However, if the query statement does include a FROM clause, iManager queries the table defined in the query statement. For basic information on building SQL query statements, see the Novell Nsure Audit Administration Guide.

  1. Mark Translate Column Titles if you want to label the column headings in the query results screen with the field titles defined in the log schema.

It is recommended that you only mark this option for queries that return one type of event. If you mark this option for queries that return multiple types of events, Nsure Audit Report labels the column headings with the field titles from the last event returned in the query.

IMPORTANT: For this option to work, you must import each application’s log schema. For information, see Adding Product Events.

  1. When finished, click OK.

The query now appears in the Query list.

 

Using the Query Builder

If you are unfamiliar with the SQL query language, you can use the Query Builder to help you define basic saved queries. The Query Builder simplifies the process of creating a query by allowing you to choose from lists of pre-defined parameters. The Query Builder then constructs the query statement from the parameters you select.

Because the Query Builder can only provide a limited set of parameters, the queries it creates are very simple. However, it is the easiest way to create saved queries and it is capable of creating most base-level queries.

The following provides a description of the options in the Query Builder.

Query Option

Description

Event Field

The event field you want to query.

For more information on the event fields, see Event Structure.

 

Condition

The condition under which the logging server applies the Value to the Event Field.

Depending on the Event Field, you may select the following conditions from the drop-down list box:

  • matches

  • less than

  • greater than

  • begins with

  • contains

  • is between _________ and __________

 

Value

The value for the designated event field.

The query statement applies the Value to the designated Event Field under the defined conditions. If an event matches the criteria, it is returned in the query results.

 

Operator

To narrow the query results, you can define values for multiple event fields. Using standard “and,” “or” operators, you can define multiple event conditions. The “done” operator indicates the end of the query statement.

The conditions are accumulative; that is, the logging server applies the first, then the second, then the third, etc., to progressively narrow the results.

 

Arrows Arrows

The down arrow moves the query down into the Query SQL Statement window. iManager builds an SQL query statement from the parameters you defined in the Query Builder.

The up arrow moves an SQL query statement from the Query SQL Statement window to the Query Builder. If the query statement includes clauses that are outside the scope of the Query Builder, iManager returns the error SQL statement is too complex to use builder.

The following macros can be used in the SQL Statement:

HexToDec[hex#] - converts a number from hexidecimal to decimal for a query

IP[192.168.0.5] - enables you to use an IP address in a query

[table] - replaced with the actual table name during the query.

 

Editing Saved Queries

You can edit any saved query, including the predefined queries included with iManager. To edit a saved query,

  1. Mark the checkbox next to the query you want to edit.

  2. Click Edit.

    The Edit Query screen appears.

  3. Make the desired changes to the query fields. For information on these fields, see Creating a Saved Query above.

  4. When finished, click OK.

Deleting Saved Queries

To delete a saved query, mark the checkbox next to the query name and click Delete. The query is removed from the Query list.

For additional information, see Running Queries, Exporting Query Results, or Printing Query Results.

For more information on using Nsure Audit, see Nsure Audit Help.

A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information on trademarks, see Legal Notices.