Searching With Types

If you do not already know what types are, you should check out the Types Tutorial. Once incoming data has been mapped to types, it is possible to filter data using them. To see a total count of how many types are currently in your system, you can perform the following search:

| _type.count()

Here we can see that the types log4j and basic are available. Search functions can be applied to the system field _type. To limit this search to the log4j type, use the following search:

| _type.equals(log4j)

Logscape will update the facets to reflect the log4j type. The fields defined in the log4j type are summarised on the left-hand side of the search page.

Performing the search below

| _type.equals(log4j)

could be expected to return results such as these.

Once the search is limited to one type and the facets are populated with the fields from that datatype, it becomes easy to drive the entire search experience using fields. For example, the system field _host could be used to limit the sources of the data:

* | _type.equals(log4j) _host.contains(LAB)

Or the level field can be used to control what level of message you see:

* | _type.equals(log4j) _host.contains(LAB) level.equals(FATAL)

Datatypes will be used extensively throughout your Logscape experience.