Queries in Humio are written and can be reused from the Search tab of the User Interface.
Writing a New Query
To write a new query in Humio:
Go to the Repositories and Views page and click on the Repository or View in which you want to search.
Type one or more search terms in the Search Field box and click or enter.
If needed, adjust the size of the box by dragging manually or clicking the arrows on the right to make it fit the query.
Here is an example of a very simple search with just one value:
Figure 70. One-Value Search
The Search Field box contains a query, and the search results appear in the Event list below.
In the example, we are filtering by selecting only events that contain example.com anywhere in their log message. This is essentially the same as using grep on the Unix command-line, except with Humio User Interface you can do it across all the logs, and from all servers and services at once.
Taking this example a little further, when we add a second search term to display only results for proxyRequest, the results are further filtered:
Figure 71. Two-Value Search
For more details on the operations you can perform with queries, see Frequently Used Query Operations.
You can save a query for future use — you save the query, not the resulting data.
Click on the link at the top right above the main panel.
In the Save Query window that pops up, specify whether this query is overwriting a previously saved one.
Give the query a name and click.
You can find and reload saved queries at any time from the Queries pull-down menu at the top left of the User Interface, just above the query input field. You can make a saved search load automatically when opening the repository.
Figure 72. Saved Queries
You can also save a query you use often by creating your own syntax function — see User Functions for more information.
You can recall recently run queries or saved queries from the Queries pull-down menu of the User Interface:
Figure 73. Recent Queries