1 yaala - README.selections - 2005-07-08
2 ==============================================
6 One of the key features of yaala is, that you cen select the data printed
7 in the reports yourself. This is done using one or more select statements
8 which can be configured either in the config file or in the command line.
12 First you have to know that there are two types of fields: normal fields
13 (sometimes also called 'key') and aggregations. An aggregation is
14 basically everything you can sum up. In a webserver logfile this would be
15 the amount of bytes transferred and the number of requests. The keyfields
16 is everything else, e.g. the status code, because it doesn't make sense to
19 The syntax for select-statements is a bit like SQL. A basic select looks
21 select: "aggregation BY field";
23 This displays, for example, the amount of bytes transferred on each day.
24 For more detailed output you can select more than one (key)field. (The
25 combined output module supports up to three fields.) The fields have to be
27 select: "aggregation BY field0, field1, field2";
29 If you are interested in more than one aggregation for the same
30 (combination of) fields, you can select more than one aggregation, too.
31 However, this tends to look confusing in the generated output.
32 select: "aggregation0, aggregation1 BY field0, field1";
34 Ok, now you might only be interested in a part of all the requests. For
35 example you might wonder, how many times google has visited each file. You
36 can do this like this:
37 select: "requests BY file WHERE host =~ google";
39 Or, more general like this:
40 select: "aggregation BY field[, field ..] WHERE field <CMP> value";
42 '<CMP>' is the rule how to match the values. Methods implemented are:
45 '=~' regular expression (non-numeric only)
46 '!~' negated regular expression (non-numeric only)
47 '<', '>' lesser/greater than
48 '<=', '>=' lesser/greater or equal
51 FIELDS PROVIDED BY PARSERS
52 --------------------------
53 Which fields are available depends on the parser being used. A list of all
54 fields available from each parser follows:
56 Fields provided by the 'Bind9' parser:
69 Fields provided by the 'Common' parser:
81 Fields provided by the 'Ncsa' parser:
98 Fields provided by the 'Squid' parser:
116 Fields provided by the 'Xferlog' parser:
133 Fields provided by the 'Postfix' parser:
147 Fields provided by the 'Netacct' parser:
148 Please check/edit netacct.config, too!!