LOGIQ Search Cheat Sheet
To carry out a simple search, type any word or series of words into the Search bar and click Search or hit Enter on your keyboard.
By default, LOGIQ scans for your search term(s) using the and operator. If your search query contains more than one word, the search engine looks for occurrences that contain both words. For example, searching for the term Read Error returns records that contain both read and error and not necessarily in the same sequence. Searches are also not case sensitive. For example, searching for ReadError returns records that contain both read and error.
To search for exact matches of your search string, wrap your search string in double-quotes. For example, if you search for "Read Error" the search results will only contain records that match the search string exactly. If no records are an exact match of the search string, the search does not yield any result.
LOGIQ's advanced search feature supports the use of complex expressions in the search query. With this feature, you can include and or or expressions, regular expressions, and mathematical symbols such as < and >.
Note: LOGIQ only supports RE2 syntax while using regular expressions to construct advanced search queries. For more information on the RE2 syntax, visit the RE2 Wiki.
The following image depicts how you can conduct an advanced search within LOGIQ.
The following list contains comparison operators that you can use to build your advanced search query on LOGIQ.
Operator | Description | Function |
| Equal to operator | Returns records if they are exact matches of the search string |
| Greater than operator | Compares string literals lexicographically. |
| Greater than or equal to operator | Compares string literals lexicographically. |
| Less than operator | Compares string literals lexicographically. |
| Less than or equal to operator | Compares string literals lexicographically. |
| Regex match operator |
|
| Not equal to operator |
|
LOGIQ uses the Porter stemmer algorithm while creating the index. The Porter algorithm stems strings such as "argue", "argued", "argues", "arguing", and "argus" to the stem "argu". Searching for "argue" or "argued" or "argu" in LOGIQ yields the same results due to the employed stemmer algorithm.
This also implies that only valid stems can return search results. LOGIQ ignores stems with lengths less than 3 characters. Searching for message =~ '\\d{3}' yields no results since stemming \\d{3} does not generate any stems.
LOGIQ custom indices help deliver exponentially faster search experiences while working with sparse data. You can create Log2Metrics for your logs to generate custom indices. Each Log2Metrics definition creates additional indices based on search matches. For example, a Log2Metric defined to monitor ingress with a status code as a label called ingress_code__e1001e can generate supplementary indices such as ingress_code__e1001e_status_code_401, ingress_code__e1001e_status_code_500, and so on.
Note: For more information on creating Log2Metrics for your logs, refer to Metrics and Custom Indices.
LOGIQ never indexes the following words.
able
about
across
after
all
almost
also
among
and
any
are
because
can
cannot
could
dear
did
does
either
else
ever
every
for
from
got
had
has
have
her
his
how
however
into
its
just
least
let
like
likely
may
might
most
must
neither
not
off
often
only
other
our
own
rather
said
say
says
she
should
since
some
than
that
the
them
then
there
these
they
this
tis
too
twas
wants
was
were
what
when
where
which
while
who
will
with
would
yet
you
your
​
