Loggly

Search & Graph Basics

Loggly's search interface looks like a bit like a terminal shell, but it's actually a powerful search interface written in JavaScript and some code downloaded from a space probe NASA built in the 70s.

You can access the shell by typing in a key term in the shell input box at the top of each page. Searching in the shell is as easy as typing something like:

search HTTPS

Search or Graph

Keep in mind that "search" and "graph" take the same command line parameters. If you can search on it, you can graph on it.

Operators

If you want to search for a couple of terms, simply type them in after the search command:

search 404 .img

You can force both terms to be found by including an operator like 'AND' in the search:

search 404 AND .img

If you don't want a term returned, then use the 'NOT' operator:

search 404 NOT .png

Searching JSON data

If you're logging JSON data, field extraction becomes possible and searching is even more powerful. You'll need to use a slightly different syntax to search through your logs. Read more on how to log JSON data.

search json.<field>:<value>

example:

search json.severity:critical
search json.eggs:fried AND json.toast:butter
search json.responseCode:[500 TO 599]
search json.size:[1024 TO *]

Input Names and IPs

If you have multiple inputs (and you should) you can specify searching for data from just one of them:

search inputname:webheads 404 AND .jpg

Or, if you want to search only a single box sending to a given input you can do:

search ip:10.0.20.203 inputname:webheads 404 AND .jpg

Note: The value following ip: is the IP address of the box sending the data. Loggly also supports machine names and tags to allow further refinement in the search results.

Detailed help on searching with Loggly's super duper shell is available on the the Search Guide page.