Query Language Overview

The Logs query language expands the standard search capabilities beyond keyword searches and filtering by resource, group, pipeline, and time range. With the additional flexibility of combining filters with logical operators, filtering events based on fields and values parsed from your logs, and matching patterns with glob expressions and regular expressions, you can:

• Narrow down information to quickly find relevant logs when troubleshooting. 
• Summarize activity from log messages over a time range for reporting or alerting.

Using the Query Bar

Searching and filtering is done from the query bar which is located at the top of the Logs page. 

Using Autocomplete

When you type into the query bar, the autocomplete menu will open and provide a list of options based on what you’ve entered and the information that you have in your logs.

If you select a field from the list or type in the field name, autocomplete will then suggest possible values for that field.

After you enter a complete keyword or field=value pair, autocomplete will continue to provide suggestions to help you build the query. For example, you may see options for logical operators: AND, OR, and NOT.

Changing the Time Range

Select from a list of time ranges in the upper right corner, or manually define a time range to review. The default time range is set to 15 min. You can also change the time range by dragging and selecting within the graph. Then, to revert to your last time range, click the Exit graph zoom icon.

Running the Search

Searches do not execute automatically. When you’re done building your query, click the Search icon to run it.

Viewing Search History

You can view and manage your Recent Searches by clicking the Clock icon on the left of the query bar. The Recent searches menu shows the last 10 searches in your history. You can remove individual or clear all searches from this list. 

Saving a Search

Save a search by clicking the Star icon to the right of the query bar.