Advanced Search for Logs

Advanced Search operates like a pipeline, progressively narrowing down results to help you find exactly what you need. Each operator, separated by a pipe (|), builds on the results of the previous one. This enables you to filter and focus your search with precision as you move through the pipeline.

Use Advanced Search in the Logs List, Time Series, Table, and Pie Chart views.

Here is an example:

source="query-service" and @duration | (1)
@duration as duration | (2)
count_unique(fingerprint) by (duration) | (3)
toDuration(duration) as IntNanoseconds (4)
1 Log search expression, where duration is a facet, and source is a label.
2 Ensure that duration appears in results; an alias.
3 Calculate unique count of fingerprints by duration.
4 Convert type to integer that represents the nanosecond value, as IntNanoseconds alias.

  • To use existing results in subsequent steps of the pipeline, reference them using a leading underscore character, _.

  • The Fingerprints option is disabled until we expand FuseQL to support Fingerprints.

  • The Time Series option is disabled because the query does not use a time slice.
Advanced Search Select Function Complete and Run Expression See Results in Table View Advanced Search Select Function Complete and Run Expression See Results in Table View