Searching Data

Search Box

As a first step to searching data, you'll probably enter a query in the search box of the User Interface. This page covers this essential component of the UI.

Event Fields

For each data record in a repository, each event is parsed into multiple fields for easy sorting and searching. This page explains the fields available.

Search Status

Whenever a repository is searched, at the bottom of the UI you'll see status information on that search. This linked page explains those stats.

Display Fields

In the UI, there are several event fields listed on which you may search. The page linked here explains the Field Panel for a repository.

Format Columns

You can add, eliminate, and reorder the field columns in your search results. You can also reformat the contents of those columns for a more meaningful display. Click on the heading here to learn more.

Highlight Filter Match

Your results will be highlighted based on the filters applied in queries. This helps you identify where in the event text a query matches the results.

Different Visuals

While all search results can be displayed as text – that's how it's ingested – you can easily change the display for search results to show the data in a variety of ways, including graphs, pie charts, and other graphics.

Event Display Methods

Events are displayed in the search results in a particular way, in a particular order. You can change how results are displayed, though. See the linked page for more on this.

Select & Filter

When searching a repository, you can select fields to search. You can also select fields on which to filter the results. Click the heading here for more.

Adding & Removing Fields

For a more simplified display that's easier to review, you can select which fields in a query results to display — and which to hide.

Change Time Frame

Search results are for a specific time frame: such as, the past day, the past month, other time ranges. You can also display data for a time range that includes the current moment, known as live instead of static data. This linked page explains how to change the time frame of a search.

Set Time Zone

Data is ingested into LogScale with a time stamp for each event. Those time stamps are for a particular time zone, but can be changed in your search results. This page shows how to make that change.

Inspect Events

When you search a repository, you'll see a list of events. If you click on one in the main Event List pane, you'll see more details in the Inspection Panel. This linked page explains that panel.

Show in Context

You can have a detail view in context of a single event and search for value matches with a different time interval.

Event List Interactions

You may find the search results fairly limited. Fortunately, you can interact with the results to reveal much more information. This page provides plenty of details and illustrations on how to do that.

Field Interactions

In the Event List, Fields Panel, and Inspection Panel of the UI, you can click the ⋮ icon for a field to get a list of interaction choices. This page gives more details.

Field Aliasing

Implementing Field Aliasing in your workflow simplifies data correlation from various sources. You can give alternative names — or aliases — to fields created at parse time, across a view, or the entire organization. This page gives more details.

Save Searches

It can be tedious to construct a search query. When you get a query the way you want – especially one that you may use often – you might want to save it. Click on the heading here to learn how to do this.

Export Data

Although LogScale's UI is well designed and works well, you may want to export search results to a file for use in another application. This linked page explains how to export the results as they are, to a plain text file. It also explains how to export to a file in CSV or JSON format.