How to search through your logs in LOGIQ

Mar 9, 2021

Your Logiq dashboard has incredible search capabilities. Today's episode of Lessons in Logiq will show you exactly how easy searching through your logs in Logiq can be.

To begin, let's log in and navigate to the Search tab on your Logiq dashboard. The Search function starts at the namespace level. You can select a namespace from the dropdown menu to begin searching. Let's choose the namespace "demo: kube-system" from the dropdown menu. To further refine your search results, you can also add a Process ID. Let's pick the process ID "gke-metrics-agent". You can also select a time range to further filter your search results. Let's choose a time range of 1 hour, search for occurrences of a prevalent pattern like "error", and then click "Search".

The results of our search query are now displayed on the page. We can see that the results are already filtered based on the criteria we specified with the search query. The pattern we searched for is also highlighted in the search results. Let's check more details of the first search result by clicking on the arrow icon. From here, we can copy the log in JSON format, access the context logs, or even create a new metric from this log that you can use to send an alert based on an event via Slack, email, PagerDuty, or webhook.

The advanced search feature takes things a few steps further. Using advanced search, you can further drill down into logs from your search results. Let's assume we need to look for all patterns originating from a particular host called "gke-demo-default-pool". To achieve this, we first copy the hostname and click on Advanced Search. In the new modal window that pops up, choose hostname from the dropdown menu and then paste the hostname you just copied. Click OK and then click Search again.

You'll now notice that your search results are further refined based on the condition you just specified. You'll also see a time series graph that shows details like count and interval.

Search on Logiq lets you add more levels of refinement, allowing you to dig as deep into your logs as you'd like. Assume we want to narrow in on an event called "test" occurring on the host we specified. Click on Advanced Search, and then click on the "AND" filter. Choose Event from the dropdown menu and type "test" in the text box. Click OK and then Search. The search results will now be filtered to display events with the pattern "test" in them. Search results can also be filtered by labels. Type the word "label" in the secondary search bar. Your labels will now appear in the sidebar. Selecting the label you'd like to filter by further refines your search results by that label.

You can also bookmark these searches by clicking on the star icon in the search bar. Bookmarking searches saves you from having to type these queries repeatedly for future searches. Bookmarked queries can be accessed by clicking on the down arrow icon in the search bar. You can modify and bookmark as many search queries as you'd like. Bookmarked search queries can also be deleted individually or all at once.

As you can see, the search feature on Logiq has incredible capabilities allowing you to view your logs in great detail. That's it for this video on Lessons in Logiq. Do drop a comment and tell us what you'd like to see in future Lessons in Logiq.