Writing Queries
After installing Falcon LogScale on a server or accessing it on Cloud, ingesting data into LogScale, and having this data parsed, you can start diving deep into the data by making queries against the fields available in the events. Learning how to write queries is an essential step to using LogScale effectively.
Figure 81. Process graph
The events ingested and parsed in LogScale can be any type of text-based data, structured or unstructured, whether it comes from application logs, infrastructure events, network, or other security-related devices or applications.
Querying these event logs captured in LogScale means proactively analyzing all your data, making the most of it by asking the right questions and finding answers in order to address issues from your business's use cases.
For example, you may want insights into the users visiting your company's website: where they are coming from, whether they lose the connection, whether they experience errors while on the website, and the like.
Accomplish all this by thoroughly searching your event fields, doing calculations, and combining queries using LogScale's powerful query language and its numerous query functions. Learn more about query functions at Query Language Syntax and Query Functions.
To understand the flow of information and how event data is processed, start with Basic Query Principles.
For step-by-step guidelines on how to write and save queries in the LogScale User Interface, go to this linked page.
There are many actions you can perform with queries. Click on the heading here to see a list of frequently used queries.
On the page linked here, you will find guidelines on how to write better-performing queries.