Skip to main content
Simple Search mode is the default way to filter and explore your logs. It provides autocomplete suggestions and an intuitive syntax for combining terms and attributes.

Autocomplete

When you click into the search bar, an interactive dropdown shows keys and values found in your log data. You can build queries by:
  • Selecting suggestions directly from the dropdown, or
  • Typing queries manually (e.g. host:127.0.0.1 level:error).

Free-text Search

Typing any word or sequence of characters will match log events that contain that text anywhere (case-insensitive). Examples:
  • error → matches events containing “error”
  • 127.0.0.1 → matches events containing that IP address
You can combine multiple terms with operators:
OperatorExampleDescription
ANDauthentication AND failureMatches events containing both authentication and failure.
ORauthentication OR passwordMatches events containing either authentication or password.
NOTNOT successMatches events that do not contain success.
Note: A space is treated as AND. For example, Mac OS matches events containing both Mac and OS (not necessarily adjacent). To match the exact phrase “Mac OS”, wrap it in quotes: "Mac OS".
You can search specific fields by using a colon-separated attribute and value:
  • level:error → matches logs with level equal to error
  • host:127.0.0.1 → matches logs with host equal to 127.0.0.1
Note: Attribute-value searches are case-sensitive.

Numerical Values

For numeric attributes, use comparison operators:
  • <, >, <=, >=, !=
Example: 
response_status:>400
Matches logs with response_status greater than 400.

Escaping Special Characters and Keywords

Wrap search terms in single ' or double " quotes if they contain:
  • Spaces
  • Special characters: :, =, >, <, !
  • Reserved keywords: AND, OR, NOT
Examples:
  • "Mac OS"
  • 'error:500'
  • "NOT"