Search logs
Using
In area 2 - where you enter log search information : we support you with 2 search methods: Suggestion mode and Editor mode.
Suggestion mode (default): we will display suggestions for all the fields of the incoming logs for you to choose from (you should choose fields with the suffix keyword so we can always suggest the available value of the logs). field for you). The search will have the most accurate results when you enter the correct Fields <Operator> Value syntax .
For example, to filter log records with HTTP method GET within the last 15 minutes, select query as http_method.keyword = 'GET' and set time range to 15m..
Editor mode : by default when you search logs, we will enable Suggestion mode . To use Editor mode, select the icon Edit. When the screen displays Search log entries with Editor mode, you can start entering filters through Editor mode. The syntax for entering a query is similar to Suggestion mode: Fields <Operator> Value. For example, if you enter http_method.keyword = "GET", the system will search for all log records with field http_method.keyword = "GET".
After selecting Suggestion mode or importing in Editor mode , you can:
Press Enter or select the icon Search to perform a search for logs.
Select this icon Close if you want to delete all entered/selected filter conditions.
Usage situations
Simple syntax (single query)
To search for logs, you need to select/enter according to the Fields <Operator> Value syntax . In there:
Field : list of fields in the log project you are selecting.
Operator : we provide you with the operations described in the table below:
Value : the value of the field is suggested or you enter yourself.
Math (Operator) | Describe | Illustration |
= | equal some value | host = "ABC" - The system will find log records with field host = "ABC". |
!= | not equal some value | host != "ABC" - The system will look for log records with field types other than "ABC". |
:* | exists is any form | type.keyword :* - The system will find log records where the host field exists. (Existence means the host field appears in the log line, regardless of the value of the host field). |
!:* | not exists | type.keyword !:* - The system will find log records that do not exist in the host field. (Non-existent means the host field does not appear in the log line). |
< | less than some value | @timestamp < "1690772380191" - The system will find log records with timestamp field less than the value 1690772380191. |
> | greater than some value | @timestamp > "1690772380191" - The system will find log records with timestamp field greater than the value 1690772380191. |
<= | less than or equal to some value | @timestamp <= "1690772380191" - The system will find log records with timestamp field less than or equal to the value 1690772380191. |
>= | greater than equal to some value | @timestamp >= "1690772380191" - The system will find log records with timestamp field greater than or equal to the value 1690772380191. |
Complex syntax (complex query with boolean operator)
You can combine multiple Single queries into a Complex query using the syntax Field <Operator> Value <AND/OR> Field <Operator> Value... In which:
Field : list of fields in the log project you are selecting.
Operator : we provide you with the operations described in the table above.
Value : the value of the field is suggested or you enter yourself.
Boolean operator : we provide you the concatenation operations described in the table below:
Concatenation operation (Operator) | Describe | Illustration |
AND | equal some value | http_method.keyword = "POST" AND response_code.keyword = "404" - The system will look for log records with field http_method.keyword = "POST" and field response_code.keyword = "404." |
OR | not equal some value | http_method.keyword = "POST" OR response_code.keyword = "404" - The system will look for log records with field http_method.keyword = "POST" or field response_code.keyword = "404." |
Query with for a piece of content
You can search for a piece of content by entering GET directly into the search field. For example, if you enter the text GET, the system will search all log records in which any data field appears this string of characters.
Last updated
