Writing Queries

After installing Falcon LogScale on a server or accessing it on Cloud, ingesting data into LogScale and having this data parsed, you can start diving deep into the data, by making queries against the fields available in the events. Learning how to write queries is an essential step to effectively use LogScale.

graph LR; A["Install and Configure LogScale"]--> B B["Create a Repository"]--> C C["Configure Data Ingest"]--> D D["Parse and Filter Data"]--> E E["Enrich Data"]--> F F["Query Data"] style F fill:#A17CA0,color:#fff

Figure 81. Process graph


The events ingested and parsed in LogScale can be any type of text based data, structured and unstructured, whether it is from application logs, infrastructure events, network, or other security-related devices or applications.

Querying these event logs captured in LogScale means proactively analyzing all your data, making the most of it by asking the right questions and finding answers in order to address issues from your business' use cases.

For example, you may want to have insights on the users visiting your Company's website, investigating on where they are coming from, whether they lose the connection, whether they experience errors while on the website, and the like.

Accomplish all this by thoroughly searching your event fields, doing calculations and using query combinations thanks to the LogScale's powerful query language and its numerous query functions — learn more on query functions at Query Language Syntax and Query Functions.

To understand the flow of information and how event data is processed, start with Basic Query Principles.

Managing Queries

For step-by-step guidelines on how to write and save queries in LogScale User Interface, go to this linked page.

Common Queries

There are many actions you can perform with queries. Click on the heading here to see a list of frequently used queries.

Writing Better Queries

On the page linked here, you will find guidelines on how to write better-performing queries.