FuseQL Reserved Fields

Users sometimes need to interact with the key fields during a FuseQL query. To support this, FuseQL provides several reserved fields.

  • __kf_msg - This is equivalent to the Message field from the Log Search Result. Regex matching is also optimized for __kf_msg, with automatic substring extraction for improved query performance.

  • __kf_level - This is equivalent to the Level field from the Log Search Result.

  • __kf_source - This is equivalent to the Source field from the Log Search Result.

Query Example

__kf_msg =~ "ERROR.*connection.*timeout" and __kf_level = "ERROR" and __kf_source = "nginx"

Alias Example

If you want to reorder the default log columns, you can use aliases. By using an alias with each reserved field, you can set the order in which the aliased fields appear and disable the default fields from being displayed.

* | __kf_msg as LogMessage | __kf_level as LogLevel | __kf_source as LogSource