Search logs
NXLog Platform’s log search interface is designed to help you analyze your log data. To search your logs, navigate to Logs > Log search > Log discovery.
Perform a log search
The search toolbar allows you to combine multiple search conditions.
Complete the following steps to perform a search:
-
Navigate to Logs > Log search > Log discovery.
-
Configure your search conditions. You can use the Text search, SQL, or both fields:
-
The Text search only searches the
Message,Hostname,SourceModuleName, andSourceModuleTypefields. -
The SQL search searches all event fields. See Use the query builder for more information.
-
-
Configure the timeframe for your search by doing one of the following:
-
Select a custom timeframe using the date and time picker.
-
Select a relative timeframe using the dropdown.
-
-
Click the Search button to search your logs. If the button is inactive, hover over it to see why.
| To reset your search settings, select Clear all from the Actions dropdown. |
Use the query builder
The NXLog Platform log search includes a Query builder to help you create advanced queries.
Complete the following steps to use the query builder:
-
Click on the arrow icon to open the query builder.
-
The query builder provides a text or graphical view. You can switch between views by toggling Visual view. Note that changing the view clears the current query.
-
The text view allows you to write SQL queries directly, providing auto-complete suggestions and validating syntax in real-time.
-
The graphical view provides an interactive SQL query builder. It supports specifying comparison rules and grouping rules with
ANDandORoperators.
-
-
When ready, click Add to search to save the search conditions and close the Query builder.
Analyzing the log results
When a search returns results, you can use the interface to explore the details of that information.
You can drill down on the information by:
-
Changing the fields displayed for each entry of the search results table. Click a field’s icon or drag and drop fields on the sidebar to add, remove or reorder them on the table header. You can search for fields using the search component at the top. Once the fields are as intended, collapse this field management area to maximize the view.
Keep in mind that only time-related fields, such as EventTime, can be used to sort the columns of the search result table. -
Expanding a search result entry to view all the information in that individual entry. You can also copy the entry in JSON format.
-
Using the Timeline to show results for a specific time interval. Click on an individual bar or select multiple bars to restrict the displayed information to that time interval. You can also hover an individual bar to view the statistics for that time interval. Use the … dropdown menu to hide or move the timeline, to maximize the view.
Save a log search
Complete the following steps to save a search:
-
Navigate to Logs > Log search > Log discovery.
-
Configure the log search conditions. Keep in mind that saved log searches only include the Text search and SQL fields, not the timeframe fields.
-
Click the Actions dropdown and select Save search.
-
Enter a Name for the saved search and indicate if you want to allow other users within your organization to use this search.
-
Click the Save button.
| To load a saved log search later on, click on Saved searches and select the name of the saved search. |
Delete a saved log search
You can delete a saved log search if it’s no longer needed.
| Deleting a shared log search deletes it for all users. |
To delete a log search, complete the following steps:
-
Navigate to Logs > Log search > Log discovery.
-
Click the Saved searches dropdown.
-
Click on the delete icon for the log search you want to delete.
-
Click Delete to confirm.