You can search and filter log events in the Explore Logs page.
To find only events that contain the specified keywords, enter any complete keywords, globs, or phrases in the search text box and click Search.
You can specify the time range on either the Dashboards or Explore Logs pages in the web user interface. Time ranges are inclusive when filtering.
You can search for log events that match certain values of specific fields. Using quoted text in the main search field matches exact phrases. Entering space in the main search field is a logical AND operator. Search uses only full tokens. For example, searching for "err" does not find "error" as a match.
You can enter the field search criteria, or filters, by using the drop-down menus and the text box above the list of log events.
The text contains filter treats each comma-separated value as a complete keyword.
Queries with fields using the internal query language syntax names, for example, from or in, are not able to be processed and should not be used.
You can combine multiple field filters by creating a filter row for each field. You can toggle the operator that is applied to multiple-row filters .
- To apply the AND operator, select all.
- To apply the OR operator, select any.
You can use globs in search terms. For example, vm* or vmw?re.
- For 0 or more characters, use *.
- For one character, use ?.
