We’re proud to announce substantial improvements to our search functionality, providing you with a simple search language to perform powerful complex queries on your log events. You can now use AND, OR, and NOT to search for different combinations of keywords.
Dive into the full details of our new search features here >> or read on for a quick overview.
Logical Operators: AND, OR, NOT****
You can now use AND to search for events that contain multiple keywords, OR to search for events that contain at least one of a group of keywords, and NOT to search for events that do contain a keyword.
Example: to search for log events that contain Windows NT 6.1 and POST but not 200
Oftentimes you’ll want to use multiple logical operators in the same search in order to perform complex queries. You can use parenthesis to group your search terms.
Example: To search for log events that contain HTTP and GET or POST, but do not contain 200 or 301.
Advanced Search: Combining the Search Language with Regex
By combining the search language with the power of regular expressions you can perform powerful, advanced searches. To include a regular expression in your search, simply start your regular expression with a /
Example: Say you wanted to find all log events that contained an ip address in the range 18.104.22.168 to 22.214.171.1249 and email address email@example.com. You can run the following search:
- When searching for two keywords, AND is the default (i.e. searching firstname.lastname@example.org AND 200 is equivalent to searching email@example.com 200)
- Multiple word search terms must be enclosed by quotes (“”) to be interpreted correctly as one search term and not as multiple one word search terms. (i.e. searching “logentries test” will return all log events containing the multiple word phrase “logentries test”, while search logentries test will return all log events containing the word “logentries” and the word “test”)
- AND, OR, and NOT must be capitalized
- A minus sign, – , can be used as an alternative for NOT
- Groups must be enclosed by parenthesis
Learn More about Logentries Search here>>