Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Veritas NetBackup™ Logging Reference Guide
  3. Using logs
  4. About unified logging
  5. About query strings used with the vxlogview command
Veritas NetBackup™ Logging Reference Guide

About query strings used with the vxlogview command

Use the vxlogview command to display the logs that unified logging generates. The vxlogview command includes the following option: -w (- -where) QueryString.

QueryString represents a text expression similar to a database WHERE clause. The query string expression is used to retrieve log entries from the unified logging system. The expression is a combination of relational operators, constant integers, constant strings, and names of log fields that evaluate to a single value. Expressions are grouped by logical operators such as AND and OR.

The supported relational operators are as follows:

<

less than

>

greater than

<=

less than and equal to

>=

greater than and equal to

=

equal to

!=

not equal to

The supported logical operators are as follows:

&&

logical AND

||

logical OR

Table: Data types for fields shows data types for specific fields as well as description and an example. When more than one example is listed, both examples produce the same results.

Table: Data types for fields

Field name

Type

Description

Example

PRODID

Integer or string

Provide the product ID or the abbreviated name of product.

PRODID = 51216

PRODID = 'NBU'

ORGID

Integer or string

Provide the originator ID or the abbreviated name of the component.

ORGID = 116

ORGID = 'nbpem'

PID

Long Integer

Provide the process ID

PID = 1234567

TID

Long Integer

Provide the thread ID

TID = 2874950

STDATE

Long Integer or string

Provide the start date in seconds or in the locale-specific short date and time format. For example, a locale can have the format 'mm/dd/yy hh:mm:ss AM/PM'

STDATE = 98736352

STDATE = '4/26/11 11:01:00 AM'

ENDATE

Long Integer or string

Provide the end date in seconds or in the locale-specific short date and time format. For example, a locale can have the format 'mm/dd/yy hh:mm:ss AM/PM'

ENDATE = 99736352

ENDATE = '04/27/11 10:01:00 AM'

PREVTIME

String

Provide the hours in 'hh:mm:ss' format. This field should be used only with operators =, <, >, >=, and <=

PREVTIME = '2:34:00'

SEV

Integer

Provide one of the following possible severity types:

0 = INFO

1 = WARNING

2 = ERR

3 = CRIT

4 = EMERG

SEV = 0

SEV = INFO

MSGTYPE

Integer

Provide one of the following possible message types:

0 = DEBUG (debug messages)

1 = DIAG (diagnostic messages)

2 = APP (application messages)

3 = CTX (context messages)

4 = AUDIT (audit messages)

MSGTYPE = 1

MSGTYPE = DIAG

CTX

Integer or string

Provide the context token as string identifier or 'ALL' to get all the context instances to be displayed. This field should be used only with the operators = and !=.

CTX = 78

CTX = 'ALL'

Consider the following when writing a query string.

Case sensitivity

Field names, severity types, and message types are not case-sensitive. For example, the following are valid entries:

  • sev = info

  • msgtype = diag

String constants

String constants should be given in single quotes. For example, PRODID = 'NBU'

Dates

Start and end dates can be provided in the following formats:

  • A string constant that corresponds to the regional display short date format

  • A UNIX long value of number of seconds that elapsed since midnight January 1, 1970.

Table: Examples of query strings provides examples of query strings.

Table: Examples of query strings

Example

Description

(PRODID == 51216) && ((PID == 178964)
|| ((STDATE == '2/5/15 09:00:00 AM') 
&& (ENDATE == '2/5/15 12:00:00 PM'))

Retrieves the log file message for the NetBackup product ID 51216 between 9AM and 12PM on 2015-05-02.

((prodid = 'NBU') && ((stdate >= 
'11/18/14 00:00:00 AM') && (endate 
<= '12/13/14 12:00:00 PM'))) || 
((prodid = 'BENT') && ((stdate >= 
'12/12/14 00:00:00 AM') && 
(endate <= '12/25/14 12:00:00 PM')))

Retrieves the log messages for the NetBackup product NBU between 2014-18-11 and 2014-13-12 and the log messages for the NetBackup product BENT between 2014-12-12 and 2014-25-12.

(STDATE <= '04/05/15 0:0:0 AM')

Retrieves the log messages that were logged on or before 2015-05-04 for all of the installed Veritas products.

Feedback

Was this page helpful?
Previous

About using the vxlogview command to view unified logs

Next

Examples of using vxlogview to view unified logs

Feedback

Was this page helpful?