Write new queries

The Query editor is fully editable and you can enter single-line and multiple-line queries. For a comprehensive list of LogScale's query functions with descriptions, see Query Functions.

To write a new query in LogScale:

Go to Repositories and Views menu and click on the repository or view in which you want to search.
From the Search page, enter one or more search terms in the Query editor, then press Enter or click Run.
If needed, adjust the size of the Query editor by dragging manually or clicking the small Fit to query arrows to make it fit the query.

Here is an example of very simple search with just one value:

Screenshot showing a simple one-value search

Figure 96. One-Value Search

The Query editor contains your query, and the search result appears in the Event list panel, under the Results tab.

In the example, filtering is made by selecting only events that contain the text example.com anywhere in their log message.

This is essentially the same as using grep on the Unix command-line, except with LogScale UI you can do it across all the logs, and from all servers and services at once.

Taking this example a little further, when adding a second search term to display only results for proxyRequest, the results are filtered further:

Figure 97. Two-Value Search

For much more details on the possible operations you can perform with queries, see Common Queries.

Data Analysis Overview

LogScale User Interface

Manage Repositories & Views

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

Write new queries

Other articles on this topic

Similar Content

Related API Calls

Training

Enter search term