Skip to main content

Searching Logs

🔍 Log Search Interface Overview :

Supported Splunk - SPL Commands

Our system supports the following SPL (Search Processing Language) commands:

  1. Search: Searches for events that match the specified criteria. Read more.
  2. Regex: Matches events with a regular expression. Read more.
  3. Dedup: Removes duplicate events that share common values. Read more.
  4. Transaction: Groups events that are related to the same transaction. Read more.
  5. Stats: Computes summary statistics for your events. Read more.
  6. Timechart: Creates time-based charts from your events. Read more.
  7. Eval: Evaluates expressions and adds the result to your events. Read more.
  8. Rex: Extracts fields using regular expression named groups. Read more.
  9. Sort: Sorts events based on specified fields. Read more.
  10. Head: Returns the first N events from your search results. Read more.
  11. Fields: Selects which fields to keep or remove from your events. Read more.
  12. Top: Returns the most frequent values of a field. Read more.
  13. Rare: Returns the least frequent values of a field. Read more.
  14. Rename: Renames fields in your events. Read more.
  15. Where: Filters events based on a specified condition. Read more.
  16. Tail: Returns the last N events from your search results. Read more.
  17. Makemv: Converts a field with delimiters into a multi-value field. Read more.
  18. Format: Formats field values according to specified templates. Read more.
  19. Streamstats: Computes running statistics on your events. Read more.
  20. Bin: Groups numeric values into bins or ranges. Read more.
  21. Fillnull: Replaces null values with specified values. Read more.
  22. Mvexpand: Expands multi-value fields into separate events. Read more.
  23. Gentimes: Generates events for specified time ranges. Read more.
  24. Inputlookup: Retrieves data from lookup tables. Read more.

For detailed usage and examples, please refer to the specific command documentation.

⭐ Steps for Using the Logs Search ⭐

  1. Select or Enter Queries:

    • You can either select a query from the info icon or enter your own.

      Query Search

  2. Choose Query Type:

    • Select which type of query you want to search: Splunk QL, LogQL.

      log-query Type

  3. Select Index:

    • Choose an index from the index dropdown.

      log-index

  4. Set Time Range:

    • Select the time range for the query.

      log-time-range

      ⭐ Splunk QL Query Examples ⭐

      city=Boston | stats count AS Count BY weekday | where Count / 2 > 6 OR weekday = "Saturday"

      spl-1

      http_method=POST | regex city="^[a-zA-Z]+\s[a-zA-Z]+$" | fields city

      spl-2

      city=Boston | stats count AS Count BY state | eval myField=state . " start:" . rtrim(state, "nd")

      spl-3

      city=Boston | stats count AS Count BY state | eval myField=if(in(state, "Mary" . "land", "Hawaii", 99 + 1), state, "Error")

      spl-4

      city=Columbus | stats count AS Count BY http_status | eval sqrt=sqrt(http_status + 200)

      spl-5

      ⭐ Log QL Query Examples ⭐

      {gender="female",city="Fresno"} != "batch-212"

      logql-1

      {gender="female"} | json

      logql-2

      {gender="female"} | logfmt

      logql-3

      {gender="female",city="Fresno"} | json city_life="city", single_gender="gender[0]"

      logql-4

      {gender="female",city="Fresno"} | logfmt city_life="city", single_gender="gender", host

      logql-5