Log Queries: Quick Reference

Previous Next JavaScript must be enabled to correctly display this content

B Log Queries: Quick Reference

Here are some examples about how to phrase Search queries.

Search queries can be grouped as

Reporting Queries

Requirement	Query
Return count of logs grouped by entity type, severity.	`* \| stats count by ‘entity type’, severity`
Return time series for count of fatal logs.	`severity=’fatal’ \| timestats count`
Return the top 5 entities and their type with fatal logs.	`severity='fatal' \| stats count as 'fatal count' by entity, ‘entity type' \| top limit=5 'fatal count'`
Return the top 50 distinct entities as well as the count of logs for each of those entities.	`* \| stats count as 'count by entity’ by entity \| top limit=50 'count by entity’`

Grouping Queries

Requirement	Query
Perform cluster analysis on fatal logs and save it in a collection called “Fatal logs”.	`severity='fatal' \| cluster collection='fatal logs'`
Return the fatal logs that were included in summary ID 10002000002 and 10032000002 in the collection ‘Fatal logs’.	`Severity = fatal \| clusterdetails collection = 'Fatal Logs' id in (10002000002, 10032000002)`

Filtering Queries

Requirement	Query
Return logs that do not contain 404 in their raw text.	`not 404`
Return logs that contain FAIL in their raw text or have a fatal severity.	`FAIL or Severity = fatal`