.svg?alt=media&token=53895a79-2463-405c-8911-8e2f8eb3dc06)
Log Search
The Log Search module is a powerful tool designed to help users efficiently navigate and analyze large volumes of structured and unstructured log data. The Log Search feature addresses this challenge by enabling quick and effective searching across extensive log collections, providing results within seconds.
At its core, the Log Search queries and analyzes log data stored in the Elastic database. The module's architecture is built on index-based storage, where logs are structured, grouped, and stored based on index values. This approach allows efficient searching across specific log categories, significantly reducing search times and improving overall performance.
What do you see on the screen?
The log search page presents the data distribution of documents over time. A table lists the fields for each document matching the current data view. To narrow down the results, you can apply filters and customize the table to show only the fields you wish to explore.
Log Search Details | Fields
Label
Action/ Description
Top Panel
Data View
Select the type of Data view that needs to be present on the Log search page.
Query Menu
The query menu lets you save queries, including text, filters, and time ranges, for reuse across any query bar. For example, after building a query in Log Search with custom inputs, filters, and a time range, you can save it by embedding it in dashboards, creating visualizations, or sharing results via link or CSV. Saved queries also store Log Search settings like selected columns, sort order, and data view, making them ideal for adding search results to a dashboard.
Add Filter
Click to add a new filter based on Fields (@timestamp, @version, etc.), operator, and value.
Search
Click to search for particular multi-Index data using your KQL syntax.
Time Range
Easily adjust the time range of your time-based data by using the Calendar icon to select quick, preset, or custom time ranges, with options to refresh data automatically.
(Refer to the section below for more details)
Refresh
This refreshes a local multi-index field list.
Download
Users can generate a report for the Multi-Index created by clicking on the download section. Once the exported logs are generated in the Logs Export Configs module, they can be downloaded. The report, including the generated logs, will be available in PDF, CSV, and XLS formats.
Adjusting the Time Range
If your index contains time-based events and a time field is configured for the selected multi-index, you can display data within a specific time range. The time range is set to 15 minutes by default, but you can modify it to suit your needs.
Click the Calendar icon located on the top panel.
Choose from the following options:
Quick select: Set a time range based on a specific number of seconds, minutes, hours, or other units in the past or future.
Commonly used: Select a preset time range, such as the last 15 minutes, Today, or Week-to-date.
Recently used date ranges: Reapply a previously selected time range.
Refresh every: Set an automatic refresh interval for the data.
To customize the start and end times, click the bar next to the time filter. In the popup, choose between Absolute, Relative, or Now and configure the options as needed.
Modify the Document Table
You can adjust the appearance and content of the document table by resizing columns and rows, sorting fields, and applying filters to refine your document view.
Reorder and Resize Columns
To move a single column, click its header and select "Move left" or "Move right" from the dropdown menu.
To rearrange multiple columns, click "Columns," then drag and drop column names in the pop-up to reorder them.
To resize a column, drag the right edge of the column header until it reaches the desired width.
Adjust Row Height Click the row height icon (displayed as a table icon) to set the row height to either one or more lines or automatically adjust it to fit the content.
Sort Fields Data can be sorted by one or more fields in ascending or descending order. By default, sorting is based on the time field, from newest to oldest.
To sort a single field, click its column header and select the sort order.
To sort by multiple fields, click "Field sorted," choose the fields from the dropdown, and add them.
To reorder fields in the sort, drag them to the desired position.
Edit a Field You can modify how Infraon Infinity displays a field:
Click the column header for the field and select "Edit data view field."
In the "Edit field" form, change the field name and format as needed.
Filter Documents You can filter documents to focus on the specific data you're interested in:
Select the documents you wish to compare.
Click the "Documents selected" option and select "Show selected documents only."
Set Rows per Page To adjust how many rows are displayed per page, use the "Rows per page" menu. The default setting is 100 rows per page.
Inspect a Document You can explore an individual document to view its fields, apply filters, and review documents that occurred before or after it:
Click the expand icon (a double arrow) next to a document in the list.
You can view the document in two formats:
Table View: Displays fields and values in a row-by-row format.
JSON View: Shows how the document is returned from Elasticsearch.
In Table View, hover over the Actions column to:
Filter results to include or exclude specific fields or values.
Toggle a field on or off in the document table.
Pin a field to keep it at the top.
To navigate to the next or previous document, use the < and > arrows at the top of the view.
Click "Single document" to create a bookmarkable and shareable view of a document. The link will remain valid if the document is available in Elasticsearch.
To view documents before or after the current event, click "Surrounding documents." The same columns and filters from the Log search view will apply, with pinned filters remaining active and others copied in a disabled state.
Last updated