Identifying Queries on Remote Clusters

To identify queries within the LogScale humio repository in a remote cluster made by a parent multi-cluster view requires identify the original query in the logs, and then searching for the query ID on the remote cluster.

For example:

Identify the ID of the orginal query on the parent cluster or multi-cluster view. If the query was made via an API, it will be part of the metadata returned.
To find the query ID through the UI, search the humio by searching for the value of the queryInput field. For example, if the query contained the string numThreads:
logscale
```
queryInput=/numThread/
```
In the returned data, examine the queryID field. A query that has been submitted to a remote cluster will have an ID that ends with -F-######, where #### is another random identity string. For example:
csv
```
"queryID","source"
"IQ-1zegL8IHG7zuxeXvsvIeZclK-F-mZf2NVu6GV2VLN8sq8GjuI2G","console.log"
"IQ-dhHLvv15G7RXH8fPNqZVZ20P-F-VuG2eVlIwpgqVVfb1nbRVQqe","console.log"
```
The string after F- is the query ID of the remote cluster. The value should also be available within the federationId field.
To find the query on the remote cluster, search the humio repository for the query ID string:
logscale
```
queryID=/F-mZf2NVu6GV2VLN8sq8GjuI2G/
```

Falcon LogScale Self-Hosted 1.137.0-1.142.1 (Stable)

Self-Hosted Overview

Installing LogScale

Self-Hosted Admin.

Organization Essentials

Configuring Security

Authentication & Identity Providers

Users & permissions

Cluster Management

Configuration Settings

Ingesting Data

LogScale Configuration Parameters

LogScale URLs & Endpoints

Limits & Standards

Data Analysis 1.143.0-1.155.0

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts

Identifying Queries on Remote Clusters

Enter search term