Contents x
    Query Syntax
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Query Syntax

    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Retrace's log management allows you to view and search across all of your logs in one place. Full text indexing powered by Lucene/Elasticsearch is used to create powerful searching capabilities. Most Lucene style searches are supported.

    Tips for Searching Through Logs

    Operators

    By default, searches use the AND operator and must match all terms. These two queries are the same:

    1. word1<space>word2, e.g. code 200
    2. word1 AND word2, e.g. code AND 200
      Image

    Other boolean operators (in addition to AND) +, OR, negation (NOT, -, !) can be used as well as parentheses for grouping:

    1. Parenthesis/grouping sample: code (400 OR 500)
      Image

    2. Negation sample: -logType:winevent -logType:weblog-iis NOT level:info !level:notice
      Image

    Putting quotes around the search will require the terms to be matched as an exact phrase.

    “client 2017”

    Special Characters

    Only alpha-numeric characters are supported in basic searches. If you want to search for special characters you must put the search in quotes or escape them. To escape these characters use the "\" or backslash before the character. Special characters include:

    + & | ! ( ) { } [ ] ^ " ~ * ? :

    For example:

    1. Backslash, such as in a Windows path: C\:\\approot
    2. Slash (forward slash) in application paths such as: \/nwg in /nwg/Home/About
      Image

    Wildcards

    Wildcards are supported for some types of search queries.

    1. Multiple character wildcards:
      stack*, example*
      Image

    2. Single character wildcards:
      stac?ify, ???found
      Image

    Regular Expressions

    Regular expressions are supported and must be surrounded with forward slashes

    /.*.stackify.com/

    Searching for Log Levels

    To search for certain log levels such as "WARN" or "ERROR", use "level:xxxx":

    level:error

    Searching by Field Names

    By default, searches are run against all fields. You can optionally target specific fields, including standard fields and custom fields.

    Image

    • message:Mexico
    • level:debug
    • host:e2247ecfdc69
    • appname:ExampleJavaApp
    • env:Docker

    Image

    Range searches can also be used via the TO operator on numeric fields.

    Searching against the json field

    JSON field types:

    JSON Data TypeValue Kind
    Stringstring_value
    Numbernumber_value
    Datedate_value
    Booleanboolean_value

    Syntax:

    json.name:"<nameOfField>" json.value.<value_kind>:"<value>"

    Syntax Examples:

    json.name:"data.clientidnumber" json.value.number_value:"2107"

    json.name:"data.clientid" json.value.number_value:[24 TO 27]

    json.name:"data.clientid" json.value.number_value:[24 TO *]

    json.name:"container.id" json.value.string_value: "71f86477bf4dcafe8c5644ad2ff8b47857cd2def2fac73718f0fece3fb395235"

    "json": [
   {
     "name": "container.id",
     "value": {
       "value_kind": "String",
       "string_value": "71f86477bf4dcafe8c5644ad2ff8b47857cd2def2fac73718f0fece3fb395235",
       "number_value": null,
       "boolean_value": null,
       "date_value": null
     }
   },
  ...
]

    image.png

    Was this article helpful?
    What's Next