The Metricsmine query language is used to select a set of events from your log data. It is used in searches and graphs, alert triggers, report definitions, and elsewhere. Here are some sample queries.
All log messages containing the word "error":
To search for text containing spaces, digits, or punctuation, enclose it in quotes:
Access log events showing a request for "/index.html":
Log messages containing the phrase "deadline exceeded", from servers tagged as part of a database tier:
"deadline exceeded" server="*database*"
A query can contain any number of terms. To select events matching all of the terms you can simply enter the terms next to one another:
To search for a word, simply type that word. This forms a search term, which can be combined using explicit or implicit AND/OR. Here is a query which matches all events containing the word "hello" and at least one of "sir" or "madam":
hello (sir || madam)
To search for a more complex string, enclose it in single or double quotes:
You can also search using wildcard expressions. Enclose the expression in double quotes:
All of these terms search in the message field of an event. This field contains the complete text of the log message. However, you can also search in other fields.
You may also use parameters to indicate specific fields such as service, instance, type, hash, id, url, or file.
To perform a string match, use field keyword:
instance="control-server-*" url="/profiles*" type="debu" group="control-server"
All text search is case-insensitive.
The most powerful searches rely on event fields.
You can select events which do or do not have a particular value, using the : and !: operators. : can be used as a synonym for = or ==
For field comparison operators, strings are treated as case sensitive.
GET STARTED FOR FREE
Free for 7 days. No credit card required.