This cheatsheet provides usage tips for the LM Logs query language.
LogicMonitor reserved fields are indicated by a leading underscore. If you're not sure what to search for, you can always start by typing an underscore into the query bar to see the list of reserved fields.
The logical operators NOT, AND, and OR are supported for combining filters.
_resource.name=winserver01 AND type=winevents
_resource.group.name="Linux Servers" OR _resource.name~linux
Any free text search will search only the raw log message for matches.
Returns events if the pattern exactly matches the field value.
field="word with special characters"
Returns events using glob expressions to match similar field values. Fuzzy matching is not case sensitive.
field~"word with special characters"
Returns events using regular expressions to match field values. Regular expressions must be enclosed in forward slashes, / /.
If there is a parsing error with your query, it may be caused by incorrect syntax.
For raw logs, the timeout is 2 minutes. A timeout may occur when the time range for the search is too long, such as 30 days, and depends on the volume of ingested logs that you are searching. If the search has a timeout error, we recommend decreasing the time range.