Search Log Data

Searching your logs is the primary way to explore and analyze events in Logpoint. It allows you to find relevant information across all connected log sources and understand what is happening in your environment.

Ways to Search

Logpoint provides multiple ways to run a search, enabling you to reuse existing queries or build new ones based on your workflow.

Enter a search query Use the Search bar at the top of the Search page to type or paste a search query.
Reuse recent searches Select a query from My Search History. Logpoint automatically saves your recent searches so you can reuse them.
Use saved searches Run a search from My Saved Searches to reuse queries you have explicitly saved for future use.
Apply search templates Select a Search Template, or click All Search Templates to browse and apply templates that help you build queries without starting from scratch.
Search by labels Click a label to find other log files or events with the same label.
Use vendor search templates Select a Vendor Search Template that includes out-of-the-box searches for specific log source integrations.
Run searches from search packages Go to Search Packages to access groups of saved searches, making it easier to find and reuse frequently used queries.
Modify and rerun searches Change the search query, time range, or repository to refine results or rerun the exact search in a different context.

Pause and restart a running search, or stop it entirely, using the Pause (left) and Stop (right) icons located to the right of the search bar.

Search Settings

Before running a search, review the following settings to ensure accurate results and optimal performance.

Select the repositories that consist of the logs to search. You can select multiple repositories, but avoid searching all repositories at once, as this can impact Logpoint performance.
Repositories are grouped by Distributed Logpoints (DLPs) or by repository. Click Change to select the repositories within a group.
Define the search time period. The default time range is Last 10 minutes.
You can choose a relative time range (for example, Last 1 hour, Last 6 hours, or Last 7 days), or select a Custom Range to specify exact start and end times.

Search Log Data

In the Logpoint navigation bar, click Search.
In the Search bar at the top of the page, type or paste your search query.
To write a multiline query, press Shift + Enter to add a new line.
1. The Search bar expands vertically up to 15 lines.
2. If your query exceeds 15 lines, a scrollbar appears.
Use query assistance to help build your search:
1. Enable dynamic help to see keyword suggestions as you type.
2. In the Search bar, click the down arrow, or use:
  - CMD + right-click (macOS)
  - CTRL + right-click (Windows)
Click Run to start the search.
(Optional) To stop a running search, click Stop.
Review the results on the Search Results page.

Search Wizard

You can use the Search Wizard to build simple search queries. If Data Privacy is enabled, raw log events are not displayed.

In the navigation bar, click Use Wizard.
Enter your search terms.
Enter the words/phrases to exclude from the search.
Click Continue.
1. Click Search Now to search for logs using the query built so far.
Select Visualization.
1. If you selected Chart or Timechart,
  1. Select an Aggregator and a Field.
  2. Click Add. You can add multiple aggregators and fields.
  3. Click Continue.
  4. In the Group The Result, select fields to apply to group the search results.
  5. Click Search Now to get your results.
2. If you selected Latest,
  1. Select the fields from the dropdown to Group the results.
    5.2.2.
  2. Click Search Now to get your results.
3. If you selected Selected Fields,
  1. Choose the Fields in Select Fields To Watch.
  2. Click Search Now to get your results.

Last updated 17 days ago

Was this helpful?

Good night

hashtagWays to Search

Ways to Search