- 1 Minute to read
- Print
- DarkLight
- PDF
Query Syntax
- 1 Minute to read
- Print
- DarkLight
- PDF
Retrace's log management allows you to view and search across all of your logs in one place. Full text indexing powered by Lucene/Elasticsearch is used to create powerful searching capabilities. Most Lucene style searches are supported.
Tips for Searching Through Logs
Operators
By default searches use the AND operator and must match all terms. These two queries are the same:
client 2017
client AND 2017
Boolean operators AND, +, OR, NOT, - can be used as well as parentheses for grouping:
client (2107 OR 2106)
Putting quotes around the search will require the terms be matched as an exact phrase.
“client 2017”
Special Characters
Only alpha-numeric characters are supported in basic searches. If you want to search for special characters you must put the search in quotes or escape them. To escape these characters use the "\" or backslash before the character. Special characters include:
+ & | ! ( ) { } [ ] ^ " ~ * ? :
For example:
“http://stackify.com”
C\:\\approot
Wildcards
Wildcards are supported for some types of search queries. Multiple character wildcards:
stack*
Single character wildcards:
stac?ify
Regular Expressions
Regular expressions are supported and must be surrounded with forward slashes
/.*.stackify.com/
Searching by Field Names
By default searches are ran against all fields. You can optionally target specific fields including standard fields and custom fields. Range searches can also be used via the TO operator on numeric fields.
message:client
level:error
data.clientid:2107
data.clientid:[24 TO 27]
data.clientid:[24 TO *]
host:server1
appname:app1
stackify.envid:1
Searching for Log Levels
To search for certain log levels such as "WARN" or "ERROR", use "level:xxxx":
level:error