To write a new query in LogScale:

Here is an example of very simple search with just one value:

Figure 88. One-Value Search

The Search box contains a query, and the search results appear in the Event list below.

In the example, we are filtering by selecting only events that contain the text example.com anywhere in their log message.

This is essentially the same as using grep on the Unix command-line, except with LogScale User Interface you can do it across all the logs, and from all servers and services at once.

Taking this example a little further, when we add a second search term to display only results for proxyRequest, the results are further filtered:

Figure 89. Two-Value Search

For much more details on the possible operations you can perform with queries, see Common Queries.

You can save a query for future use — you save the query, not the resulting data.

You can find again and reload saved queries anytime later from the Queries pull-down menu at the top of the User Interface, just above the query input field. You can make a saved search load automatically when opening the repository.

Figure 90. Saved Queries

Clicking Details on any saved query allows you to mark that query as favorite, export it as YAML, edit or delete it.

You can also save a query you use often by creating your own syntax function — see User Functions (Saved Searches) for more information.

You can recall recently run queries or saved queries from the Queries pull-down menu of the User Interface:

Figure 91. Recent Queries

You can use saved queries to save interactions on the Search page, thus avoiding recreation of the same interaction at every search. For more information on the interactions we support, see Event List Interactions and Managing Dashboard Interactions.

You can either: