Let's say you want to search Apache logs for 503 response codes, covert that to a NRQL query using FACET, view it as pie chart, and add that chart to a dashboard. To switch from a Lucene syntax query to a NRQL query, to the right of the query builder click the NRQL button. You can modify the query there, or add it to a dashboard. This opens up a view of the NRQL that generated that chart. To see the NRQL version of a logs chart, click the ellipses menu on that chart and click View query. The following operators can only be used by numeric attributes: Search for log results that are missing the specified field. Search for log results that have the specified field. Example: The field hostname ends with chi. Search for log results where the attribute ends with the specified keyword specified. Example: The field hostname starts with chi. Search for log results where the attribute starts with the specified keyword specified. Example: The field hostname does not contain chi. Search for log results where the attribute does not contain the specified keyword. Example: The field hostname contains chi. Search for log results where the attribute contains the specified keyword. Example: The field hostname does not equal chi. Search for log results where the attribute does not equal the keyword specified. Search for log results where the attribute equals the keyword specified. The Logs query syntax accepts the following text operators: To return more specific query results, use text searches to join together keywords or phrases. If your term contains spaces or other metacharacters (see above), you'll need to quote the wildcarded term.Įxample, to query for a status attribute that contains /log/v1 202 somewhere in it, format the query like this: You can run wildcard searches using an asterisk ( *) to replace zero or more characters.Įxample: to query for a status attribute that contains with 202 somewhere in it, format the query like this: This includes special characters such as +, -, &, |, !, (, ),, , ^, ", ~, *, ?, :, /, or \.Įxample: To query for a status attribute containing exactly "POST /log/v1 HTTP/1.1" 202, escape the quotes like this: When a term contains special characters, double-quote the term and escape the special characters using a backslash ( \). Note: to query for a status attribute that contains POST /log/v1 somewhere in the attribute, you'll need to add wildcard characters like status: "*POST /log/v1*" (see below for details on wildcards) When a term contains whitespace characters such as the space or tab character, the term will need to be double-quoted.Įxample: To query for a status attribute that contains exactly POST /log/v1, quote the term like this: Attribute names are always case sensitive.Įxception: Wildcard searches are case insensitive for attribute values. The query syntax is case sensitive for attributes values.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |