Use the query bar to write the query to filter your logs.
If you don’t know where to start, type an underscore into the query bar. Autocomplete will show a list of the LogicMonitor reserved fields, such as resource names, resource groups, log alert severity, anomaly type, and so on.
The filtering query can include fields and values combined with logical operators.
The query language is flexible and supports a few different ways to help you filter and narrow down your search for logs: keywords, exact match, fuzzy match, and regex match.
You can use the logical operators AND, OR, and NOT to combine multiple filters to narrow your search for logs. Autocomplete will suggest logical operators after you enter a complete keyword or field=value pair.
The following examples illustrate the syntax for searching and filtering logs with the query language. For more usage examples, see Logs Search Cheatsheet.
Return logs from resources named “winserver01” or “win-server01” if their message field contains the keyword “error”.
error AND _resource.name=winserver01,"win-server01"
An alternate way to write this search is:
error AND ( _resource.name=winserver01 OR _resource.name="win-server01" )
Return logs from any resource that contains the word “linux” in its name if the message field contains the keyword “Invalid login”.
"Invalid login" AND _resource.name~linux
The following examples show searching groups and subgroups. These examples assume that you have access to groups with the full path “Pods/p02.prod” and “Kubernetes Cluster: services/p01-us-west”.
To search logs for the group “Pods/p02.prod”, all of its subgroups, and its direct devices:
_resource.group~/Pods\/p02.prod($|\/)/
To search logs only for the direct devices of “Pods/p02.prod”, excluding its subgroups:
_resource.group="Pods/p02.prod"
To search logs by the group name, regardless of the parent group:
_resource.group.name~"p01-us-west"
You can query non-reserved fields using the field name (including nested field names). For example, to search for GET requests, you would use the query:
method=GET
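As an added example (not code from LogicMonitor or its documentation), the following Python evaluator parses queries in the syntax shown above and runs them over constructed sample records, so you can check how AND, OR, NOT, parentheses, comma-separated value lists, `~word` and `~/regex/` combine. The matching semantics are assumptions read from the examples on this page: a keyword is a substring match on the message field, `=` is an exact match against any listed value, `~word` is a contains match, and `~/regex/` is a regex search; the record fields and values are constructed.

```python
import re
LOGS = [  # constructed sample records, one dict per log line (not from the original page)
    {"_resource.name": "winserver01", "_resource.group": "Pods/p02.prod", "message": "disk error on C:"},
    {"_resource.name": "win-server01", "_resource.group": "Pods/p02.prod/edge", "message": "error reading config"},
    {"_resource.name": "linux-web-03", "_resource.group": "Pods/p02.production/p01-us-west",
     "_resource.group.name": "p01-us-west", "message": "Invalid login for root", "method": "GET"},
]
# One token per match: parenthesis, operator, field term (name, = or ~, value list) or keyword.
TOKEN_RE = re.compile(r'''\s*(?:(?P<paren>[()])|(?P<op>AND|OR|NOT)\b
    |(?P<field>[\w.]+)(?P<cmp>[=~])(?P<vals>/(?:\\.|[^/\\])*/|(?:"[^"]*"|[^\s,()"]+)(?:,(?:"[^"]*"|[^\s,()"]+))*)
    |(?P<kw>"[^"]*"|[^\s()]+))''', re.VERBOSE)
def predicate(m):                       # one keyword or field token -> function(log) -> bool
    name, cmp, vals = m.group("field"), m.group("cmp"), m.group("vals")
    if m.group("kw"):                   # keyword, bare or quoted: substring match on the message field
        return lambda log: m.group("kw").strip('"') in log.get("message", "")
    if cmp == "=":                      # exact match against any value in the comma-separated list
        return lambda log, ok={v.strip('"') for v in re.findall(r'"[^"]*"|[^,]+', vals)}: log.get(name) in ok
    if vals.startswith("/"):            # ~/regex/ : regex search; Python's re reads \/ as a literal slash
        return lambda log: re.search(vals[1:-1], log.get(name, "")) is not None
    return lambda log: vals.strip('"') in log.get(name, "")   # ~word : "contains" match

class Parser:                           # recursive descent; precedence NOT > AND > OR, parentheses group
    def __init__(self, query):
        self.toks, self.i = list(TOKEN_RE.finditer(query)), 0
    def take(self, kind, value=None):   # consume and return the next token if it matches, else None
        t = self.toks[self.i] if self.i < len(self.toks) else None
        if t and t.group(kind) and value in (None, t.group(kind)):
            self.i += 1
            return t
    def chain(self, word, sub, fn):     # left-associative chain: sub (word sub)*
        left = sub()
        while self.take("op", word):
            left = lambda log, l=left, r=sub(): fn(l(log), r(log))
        return left
    def expr(self): return self.chain("OR", self.term, lambda a, b: a or b)
    def term(self): return self.chain("AND", self.factor, lambda a, b: a and b)
    def factor(self):                   # NOT factor | '(' expr ')' | keyword | field term
        if self.take("op", "NOT"):
            return lambda log, f=self.factor(): not f(log)
        if self.take("paren", "("):
            inner = self.expr()
            if not self.take("paren", ")"): raise ValueError("missing ')'")
            return inner
        tok = self.take("kw") or self.take("field")
        if tok is None: raise ValueError("expected a keyword or field term")
        return predicate(tok)

def search(query, logs=LOGS):           # _resource.name of every record the query matches
    pred = Parser(query).expr()
    return [log["_resource.name"] for log in logs if pred(log)]
```

Running the page's own queries through `search` shows, for instance, that the regex form matches "Pods/p02.prod" and "Pods/p02.prod/edge" but not "Pods/p02.production/...", which is exactly what the `($|\/)` suffix is for.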