Your First Search

For more tutorials check out the Tutorials section.

Today we're going to show the power of the Logscape search. Log in with any account.

Click sign in.

Click the search icon to be taken to the search page.

Click the search bar, and let's start writing our search.

I'm going to start with an asterisk so as to bring in everything when I run my search.

The results of this wildcard search aren't very useful to me, so let's narrow the criteria.

A _host.contains filter will limit the search results to hostnames which match the search criteria.

My search is now * | _host.equals(alteredcarbon.local), so I will only get values from that host.

Next, let's limit the type. I'm interested in log information from Java applications, and using types I can limit my search to this.

The types facet now displays all of the types that were found in my search. As I'm interested in Java applications, I'm going to select log4j as my type.

Click the arrow to limit your search to a specific type.

After clicking a type, my search has automatically updated to * | _host.equals(alteredcarbon.local) _type.equals(log4j). This means I am only searching data from Altered Carbon, and only where the type is log4j.

I'm interested in the level of different log messages that have occurred on this host. Clicking level will list not only what levels have occurred, but also how many in this time period.

As you can see, in the last 30 minutes Altered Carbon has had 1912 INFO events, 538 ERROR and 146 WARN.

I'm going to click include in order to add ERROR to my search.

As you can see, level.equals(ERROR) has been added to my search. I've now got some interesting data, but my chart representation isn't really helping. Let's change that.

Clicking the Graph icon will create a popup with all the different types of graphs you can use.

I'm going to select a table view for my graph.

chart(table) has been added to my search, but there is no chart? That's because there is no value in this search that a chart can display.

I added a level.count(), which can be displayed in a table view. Unfortunately I'm still limited by my level.equals(ERROR) filter, so I'm only seeing ERROR statistics.

Let's remove level.equals(ERROR) from our search.

We can now see WARN and ERROR. There is one additional value, but the table isn't big enough to display it!

We can click on New search and give it our own name.

I named my search "Altered Carbon Exceptions" then hit the save tick.

That's it. You've finished your first Logscape search. This search can be used on workspaces or in alerts. The Logscape search syntax is incredibly powerful. You can read more at http://logscape.github.io/searching-cheatsheet.html
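To see why chart(table) showed nothing until level.count() was added, and why level.equals(ERROR) limited the table to one row, here is a small Python model of the searches built in this walkthrough. It is an added example, not Logscape code: the events are constructed, and the semantics (filters are AND-ed, field.count() counts events per field value) are assumptions taken from the behaviour described above.

```python
import re
from collections import Counter

# Constructed sample events (not real Logscape data).
def _ev(host, type_, level, n):
    return [{"_host": host, "_type": type_, "level": level}] * n

EVENTS = (_ev("alteredcarbon.local", "log4j", "INFO", 5)
          + _ev("alteredcarbon.local", "log4j", "ERROR", 3)
          + _ev("alteredcarbon.local", "log4j", "WARN", 2)
          + _ev("alteredcarbon.local", "syslog", "ERROR", 4)
          + _ev("otherhost.local", "log4j", "ERROR", 6))

# Terms used in the tutorial: field.equals(x), field.contains(x), field.count(), chart(kind)
TERM = re.compile(r"(\w+)\.(equals|contains|count)\(([^)]*)\)|chart\((\w+)\)")

def run_search(search, events=EVENTS):
    """Assumed semantics: filters are AND-ed; field.count() counts per value."""
    pattern, _, pipeline = search.partition("|")
    if pattern.strip() != "*":
        raise ValueError("this model only handles the * wildcard")
    filters, count_field, chart = [], None, None
    for field, op, arg, kind in TERM.findall(pipeline):
        if kind:
            chart = kind
        elif op == "count":
            count_field = field
        else:
            filters.append((field, op, arg))

    def keep(event):
        for field, op, arg in filters:
            value = event.get(field, "")
            if op == "equals" and value != arg:
                return False
            if op == "contains" and arg not in value:
                return False
        return True

    matched = [e for e in events if keep(e)]
    # A chart needs an aggregate to plot: with no count() there are no rows.
    rows = dict(Counter(e[count_field] for e in matched if count_field in e)) if count_field else {}
    return {"matched": len(matched), "chart": chart, "rows": rows}

if __name__ == "__main__":
    base = "* | _host.equals(alteredcarbon.local) _type.equals(log4j)"
    for extra in (" level.equals(ERROR) chart(table)",
                  " level.equals(ERROR) level.count() chart(table)",
                  " level.count() chart(table)"):
        print(extra.strip(), "->", run_search(base + extra))
```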