Logs Management
Log Explorer
Syntax for Log Querying
6 min
this guide explains the powerful and concise syntax for building precise queries the basics the core of a filter is a simple expression with three parts a field , an operator , and a value ?filter=\<field>\<operator>\<value> example to find all logs with an active status, you would use /logs?filter=status=active combining multiple filters to combine multiple conditions, simply add another filter parameter all filters are joined with a logical and , meaning all conditions must be true for an item to be included in the results operators reference the following table details all available operators, from simple equality checks to powerful string and existence matching operator name description example (user typed) equality & set operations = equals finds items where the field is an exact match for a single value level=error = in finds items where the field matches any value in a comma separated list http status=404,500,503 != not equals finds items where the field does not match a single value env!=local != not in finds items where the field does not match any value in a list k8s namespace!=kube system, default numeric comparisons > greater than finds items where the field's numeric value is greater than the given value latency ms>500 < less than finds items where the field's numeric value is less than the given value cpu usage<0 5 >= greater than or equal to finds items where the field's value is greater than or equal to the value retries>=3 <= less than or equal to finds items where the field's value is less than or equal to the value stock count<=10 string matching contains finds items where the field contains the given substring (case insensitive) message database connection ! does not contain finds items where the field does not contain the given substring path! healthcheck ^ starts with finds items where the field starts with the given string user name^alex existence checks + field exists finds items where the specified field exists (is not null) +error code field does not exist finds items where the specified field does not exist (is null) http user agent example 1 debugging production errors goal find all erroror criticallevel logs from the productionenvironment that are related to the auth serviceand have an error codefield present /logs?filter=env=production\&filter=service=auth service\&filter=level=error,critical\&filter=+error code example 2 monitoring api performance goal find slow api requests (> 1000ms) that resulted in a server error, excluding routine health checks from the monitoring system /logs?filter=latency ms>1000\&filter=http status>=500\&filter=source! monitoring bot example 3 auditing user activity goal find all login attempts for users whose email does not start with "test" and who were logging in from a country other than the "us" or "ca" /logs?filter=action=user login\&filter=user email!^test\&filter=geo country!=us,ca quick reference cheatsheet syntax action field=value field is equal to value field=val1,val2 field is in ( val1 or val2 ) field!=value field is not equal to value field!=val1,val2 field is not in ( val1 or val2 ) field>500 field is greater than 500 field text field contains text field! text field does not contain text field^prefix field starts with prefix +field field must exist field field must not exist \&filter= combine filters with and