Querying Logs

There are two major ways to search for logs. You can use SQL syntax or full text search.

SQL

Here is an example SQL query selecting a specific JSON fields:

SELECT
    "timestamp",
    json_extract(logs.msg, '$.Data.method') AS method,
    json_extract(logs.msg, '$.Data.request_uri') AS request_uri,
    json_extract(logs.msg, '$.Data.user_agent') AS user_agent,
    json_extract(logs.msg, '$.Data.addr') AS addr
FROM logs
WHERE json_valid(msg) AND request_uri LIKE '%/account%'
ORDER BY "timestamp" DESC
LIMIT 2001;

Full Text Search

You can also use full text search.

Examples:

• water will search for the term “water”
• "light beer" will search for the phrase
• description:water will look for water in the description JSON field
• /light (beer|wine)/ will perform a regular expression against the terms
• description:/wat.*/ it works on JSON fields too
• +description:water -light beer will perform a query that MUST satisfy the term water in the description field, MUST NOT satisfy query for the term light, and SHOULD satisfy the query for the term beer