Deploying LOGIQ
INTEGRATIONS
LOGIQ Monitoring
Vewing Logs
ANOMALY DETECTION
COMPLIANCE
LOGIQ STREAMING
LOGIQ Configuration
Log Ingest configuration
LOGIQ Search Cheat Sheet
The following document describes how LOGIQ's log search functionality works.
Simple search
To carry out a simple search, type any word or series of words into the Search bar and click Search or hit Enter on your keyboard.
Search Bar
By default, LOGIQ scans for your search term(s) using the
and operator. If your search query contains more than one word, the search engine looks for occurrences that contain both words. For example, searching for the term Read Error returns records that contain both read and error and not necessarily in the same sequence. Searches are also not case sensitive. For example, searching for ReadError returns records that contain both read and error. Exact match
To search for exact matches of your search string, wrap your search string in double-quotes. For example, if you search for
"Read Error" the search results will only contain records that match the search string exactly. If no records are an exact match of the search string, the search does not yield any result. Advanced search
LOGIQ's advanced search feature supports the use of complex expressions in the search query. With this feature, you can include
and or or expressions, regular expressions, and mathematical symbols such as < and >. Note: LOGIQ only supports RE2 syntax while using regular expressions to construct advanced search queries. For more information on the RE2 syntax, visit the RE2 Wiki.
The following image depicts how you can conduct an advanced search within LOGIQ.
Advanced Search Dialog
Comparators
The following list contains comparison operators that you can use to build your advanced search query on LOGIQ.
Operator
Description
Function
==Equal to operator
Returns records if they are exact matches of the search string
>Greater than operator
Compares string literals lexicographically.
>=Greater than or equal to operator
Compares string literals lexicographically.
<Less than operator
Compares string literals lexicographically.
<=Less than or equal to operator
Compares string literals lexicographically.
=~Regex match operator
- Returns records that match the given search string.
- This operator only works with string literals.
- This operator does not match numerical values.
- You can use regular expressions with this operator.
!=Not equal to operator
- Returns records that do not match the given search string.
- This operator only works with string literals.
- This operator does not match numerical values.
- You can use regular expressions with this operator.
Things to consider
LOGIQ uses the Porter stemmer algorithm while creating the index. The Porter algorithm stems strings such as "argue", "argued", "argues", "arguing", and "argus" to the stem "argu". Searching for "argue" or "argued" or "argu" in LOGIQ yields the same results due to the employed stemmer algorithm.
This also implies that only valid stems can return search results. LOGIQ ignores stems with lengths less than 3 characters. Searching for
message =~ '\\d{3}' yields no results since stemming \\d{3} does not generate any stems. Custom Indices
LOGIQ custom indices help deliver exponentially faster search experiences while working with sparse data. You can create Log2Metrics for your logs to generate custom indices. Each Log2Metrics definition creates additional indices based on search matches. For example, a Log2Metric defined to monitor ingress with a status code as a label called
ingress_code__e1001e can generate supplementary indices such as ingress_code__e1001e_status_code_401, ingress_code__e1001e_status_code_500, and so on.Note: For more information on creating Log2Metrics for your logs, refer to Metrics and Custom Indices.
Stop words
LOGIQ never indexes the following words.
- able
- about
- across
- after
- all
- almost
- also
- among
- and
- any
- are
- because
- can
- cannot
- could
- dear
- did
- does
- either
- else
- ever
- every
- for
- from
- got
- had
- has
- have
- her
- his
- how
- however
- into
- its
- just
- least
- let
- like
- likely
- may
- might
- most
- must
- neither
- not
- off
- often
- only
- other
- our
- own
- rather
- said
- say
- says
- she
- should
- since
- some
- than
- that
- the
- them
- then
- there
- these
- they
- this
- tis
- too
- twas
- wants
- was
- were
- what
- when
- where
- which
- while
- who
- will
- with
- would
- yet
- you
- your
​
Last modified 3mo ago
Export as PDF
Copy link