Query Syntax

Retrace's log management allows you to view and search across all of your logs in one place. Full text indexing powered by Lucene/Elasticsearch is used to create powerful searching capabilities. Most Lucene style searches are supported.

Tips for Searching Through Logs

Operators

By default searches use the AND operator and must match all terms. These two queries are the same:

client 2017

client AND 2017

Boolean operators AND, +, OR, NOT, - can be used as well as parentheses for grouping:

client (2107 OR 2106)

Putting quotes around the search will require the terms be matched as an exact phrase.

“client 2017”

Special Characters

Only alpha-numeric characters are supported in basic searches. If you want to search for special characters you must put the search in quotes or escape them. To escape these characters use the "\" or backslash before the character. Special characters include:

+ & | ! ( ) { } [ ] ^ " ~ * ? :

For example:

“http://stackify.com”

C\:\\approot

Wildcards

Wildcards are supported for some types of search queries. Multiple character wildcards:

stack*

Single character wildcards:

stac?ify

Regular Expressions

Regular expressions are supported and must be surrounded with forward slashes

/.*.stackify.com/

Searching by Field Names

By default searches are ran against all fields. You can optionally target specific fields including standard fields and custom fields. Range searches can also be used via the TO operator on numeric fields.

message:client

level:error

data.clientid:2107

data.clientid:[24 TO 27]

data.clientid:[24 TO *]

host:server1

appname:app1

stackify.envid:1

Searching for Log Levels

To search for certain log levels such as "WARN" or "ERROR", use "level:xxxx":

level:error