Searching Logs

🔍 Log Search Interface Overview :

Supported Splunk - SPL Commands

Our system supports the following SPL (Search Processing Language) commands:

1. Search: Searches for events that match the specified criteria. Read more.
2. Regex: Matches events with a regular expression. Read more.
3. Dedup: Removes duplicate events that share common values. Read more.
4. Transaction: Groups events that are related to the same transaction. Read more.
5. Stats: Computes summary statistics for your events. Read more.
6. Timechart: Creates time-based charts from your events. Read more.
7. Eval: Evaluates expressions and adds the result to your events. Read more.
8. Rex: Extracts fields using regular expression named groups. Read more.
9. Sort: Sorts events based on specified fields. Read more.
10. Head: Returns the first N events from your search results. Read more.
11. Fields: Selects which fields to keep or remove from your events. Read more.
12. Top: Returns the most frequent values of a field. Read more.
13. Rare: Returns the least frequent values of a field. Read more.
14. Rename: Renames fields in your events. Read more.

For detailed usage and examples, please refer to the specific command documentation.

⭐ Steps for Using the Logs Search ⭐

1. Select or Enter Queries:

   • You can either select a query from the info icon or enter your own.

     

2. Choose Query Type:

   • Select which type of query you want to search: SQL, Splunk QL, LogQL.

     

3. Select Index:

   • Choose an index from the index dropdown.

     

4. Set Time Range:

   • Select the time range for the query.

     

     ⭐ SQL Query Examples ⭐

     SELECT first_name AS firstnames, country AS origincountry FROM `ind-0`

     

     SELECT * FROM `ind-0` ORDER BY latency ASC

     

     SELECT MAX(latency), COUNT(city) FROM `*` GROUP BY country, gender LIMIT 10

     

     SELECT min(latency), COUNT(city) FROM `*` WHERE gender = male GROUP BY country LIMIT 10

     

     select 1 as one,'word' as word,city from `ind-0`

     

     ⭐ Splunk QL Query Examples ⭐

     city=Boston | stats count AS Count BY weekday | where Count / 2 > 6 OR weekday = "Saturday"

     

     http_method=POST | regex city="^[a-zA-Z]+\s[a-zA-Z]+$" | fields city

     

     city=Boston | stats count AS Count BY state | eval myField=state . " start:" . rtrim(state, "nd")

     

     city=Boston | stats count AS Count BY state | eval myField=if(in(state, "Mary" . "land", "Hawaii", 99 + 1), state, "Error")

     

     city=Columbus | stats count AS Count BY http_status | eval sqrt=sqrt(http_status + 200)

     

     ⭐ Log QL Query Examples ⭐

     {gender="female",city="Fresno"} != "batch-212"

     

     {gender="female"} | json

     

     {gender="female"} | logfmt

     

     {gender="female",city="Fresno"} | json city_life="city", single_gender="gender[0]"

     

     {gender="female",city="Fresno"} | logfmt city_life="city", single_gender="gender", host