Searching with Logical Operators

We’re proud to announce substantial improvements to our search functionality, providing you with a simple search language to perform powerful complex queries on your log events. You can now use AND, OR, and NOT to search for different combinations of keywords.

Dive into the full details of our new search features here >> or read on for a quick overview.

Logical Operators: AND, OR, NOT

You can now use AND to search for events that contain multiple keywords, OR to search for events that contain at least one of a group of keywords, and NOT to search for events that do not contain a keyword.

Example: to search for log events that contain Windows NT 6.1 and POST but not 200

[Image: Local Operators for Log Management]

Grouping

Oftentimes you’ll want to use multiple logical operators in the same search in order to perform complex queries. You can use parentheses to group your search terms.

Example: To search for log events that contain HTTP and GET or POST, but do not contain 200 or 301.

[Image: Local Operators for Log Management]

Advanced Search: Combining the Search Language with Regex

By combining the search language with the power of regular expressions you can perform powerful, advanced searches. To include a regular expression in your search, simply start your regular expression with a /.

Example: Say you wanted to find all log events that contained an IP address in the range 173.127.100.1 to 173.127.100.999 and the email address hello@logentries.com. You can run the following search:

[Image: Local Operators for Log Management]

Search Syntax Notes:

  • When searching for two keywords, AND is the default (e.g. searching hello@logentries.com AND 200 is equivalent to searching hello@logentries.com 200)
  • Multiple-word search terms must be enclosed in quotes ("") to be interpreted as one search term and not as several one-word search terms (e.g. searching "logentries test" will return all log events containing the phrase "logentries test", while searching logentries test will return all log events containing both the word "logentries" and the word "test")
  • AND, OR, and NOT must be capitalized
  • A minus sign, -, can be used as an alternative for NOT
  • Groups must be enclosed in parentheses
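
The syntax rules above can be exercised offline with a small evaluator. This is an added example, not Logentries code: the operator precedence (NOT, then AND, then OR), the closing / on a regular expression, case-sensitive substring matching, and the sample events are all assumptions made for illustration.

```python
import re

TOKEN = re.compile(r'\s*(?:"([^"]*)"|/((?:\\.|[^/])+)/|([()-])|([^\s()]+))')

def tokenize(query):
    out = []
    for m in TOKEN.finditer(query):
        phrase, regex, sym, word = m.groups()
        if regex is not None:                      # /.../ -> regex predicate
            out.append(re.compile(regex).search)
        elif sym or word in ("AND", "OR", "NOT"):  # operators must be capitalized
            out.append("NOT" if sym == "-" else sym or word)
        else:                                      # keyword or "phrase": substring test
            out.append(lambda line, t=phrase or word or "": t in line)
    return out

def compile_query(query):
    toks = tokenize(query)
    def or_expr(i):                                # OR binds loosest (assumed)
        left, i = and_expr(i)
        while i < len(toks) and toks[i] == "OR":
            right, i = and_expr(i + 1)
            left = (lambda l, r: lambda s: l(s) or r(s))(left, right)
        return left, i
    def and_expr(i):                               # adjacent terms are ANDed by default
        left, i = not_expr(i)
        while i < len(toks) and toks[i] not in ("OR", ")"):
            right, i = not_expr(i + 1 if toks[i] == "AND" else i)
            left = (lambda l, r: lambda s: l(s) and r(s))(left, right)
        return left, i
    def not_expr(i):                               # NOT / - binds tightest (assumed)
        if toks[i] == "NOT":
            inner, i = not_expr(i + 1)
            return (lambda s: not inner(s)), i
        if toks[i] == "(":                         # parenthesized group
            inner, i = or_expr(i + 1)
            return inner, i + 1                    # step over ")"
        return toks[i], i + 1
    matcher, _ = or_expr(0)
    return lambda line: bool(matcher(line))

LOGS = [  # constructed sample events
    '173.127.100.7 hello@logentries.com "POST /login HTTP/1.1" 200 "Windows NT 6.1"',
    '173.127.100.7 hello@logentries.com "POST /login HTTP/1.1" 500 "Windows NT 6.1"',
    '10.0.0.5 other@example.com "GET /admin HTTP/1.1" 403 "Linux x86_64"',
]

def search(query):
    match = compile_query(query)
    return [n for n, line in enumerate(LOGS) if match(line)]
```

Because keywords are matched as plain substrings here, a status-code term such as 200 would also match inside an IP address or byte count; a regular expression anchored on the surrounding spaces avoids that.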
