This topic describes how to search your logs using the Search page.
Overview of Log Search
Logging provides a powerful tool to search indexed logs. Use the Console to perform any of the following tasks:
- Search logs, whether in a basic user interface mode, or by typing custom queries in an advanced mode.
- Filter on values in logs, whether by log fields, text search, or time intervals, all in terms of chosen compartments or log groups.
- Visualize log data in a bar chart view, along with accompanying tabular data.
- Explore each log line in more detail. View the raw JSON payload, and view before/after information.
- Export search results to a JSON file.
Logs are indexed by default, which allows them to be searched using the Console.
For logs to be available and to be searchable from a certain time frame, they must first be enabled, and you can only search for logs after they start ingesting.
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
Required Permissions for Searching Logs
To search indexed logs, a user must have the
read permission on the log
read access to the log group.
allow group GroupA to read log-groups in tenancy allow group GroupA to read log-content in tenancy
To search indexed logs, you must have access to the log group that contains the indexed logs. For more information, see Required Permissions for Working with Logs and Log Groups.
AUDIT_EVENT_READ, and if there are any log objects, it would also require
search "compartment/_Audit"requires just
search "compartmentOcid1/_Audit" "compartmentOcid2/logGroupNameOrOcid/logNameOrOcid"requires