JSON syntax for search log command
This search log command example uses JSON syntax, as explained in this topic.
Example query
The following example request performs a search of the logs. The request fetches one year of log data.
Lines | Request |
---|---|
|
|
JSON fields
This table describes the JSON fields used in the sample query. You can modify these fields to customize the query for your use.
Lines | Parameter | Description |
---|---|---|
1 | start | Index of the log record from which to initiate the search. |
1 | results | Number of records to fetch in a single search. |
2 to 7 | filter:range:timestamp:from | Example of a filter using timestamp data, where the timestamp:from parameter indicates the start date and time for the filter. |
2 to 7 | filter:range:timestamp:to | Example of a filter using timestamp data, where the timestamp:to parameter indicates the end date and time for the filter. |
8 to 11 | logsources | An array containing details of the data source that contains the log. In this array you can opt to fetch log data from one data source or from more than one data source, as described in logsources parameter. |
12 | query | Query formulated using Solr query syntax. By default this query is *,*. |
logsources parameter
You can customize the logsources parameter by specifying multiple data source entries. Each entry is specified as key:value pairs, as shown in the following syntax snippet:
"logsources": [
{"name":"datasource1","type":"tag"},
{"name":"datasource2","type":"tag"},
{"name":"datasource3","type":"tag"}
],
For example, the following code snippet fetches data from two log data sources, /was_app/sysout and /was_app/error:
"logsources": [
{"name":"/was_app/sysout","type":"tag"},
{"name":"/was_app/error","type":"tag"}
],
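One way to check a request body before sending it, as an added example (not part of the original documentation or the product's code). It assumes the colon-separated field names in the table denote nested JSON objects; the function name, the start and results values, and the timestamp placeholders are constructed for illustration.

```python
import json

def validate_search_request(text):
    """Return a list of problems in a search request body; empty means it passed."""
    try:
        body = json.loads(text)
    except json.JSONDecodeError as exc:
        # Curly quotes and trailing commas copied from formatted pages land here.
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(body, dict):
        return ["request body must be a JSON object"]
    problems = []
    for key in ("start", "results"):
        if key in body and (type(body[key]) is not int or body[key] < 0):
            problems.append(f"{key} must be a non-negative integer")
    # Assumption: filter:range:timestamp:from means nested objects filter > range > timestamp.
    node = body.get("filter")
    for key in ("range", "timestamp"):
        node = node.get(key) if isinstance(node, dict) else None
    if isinstance(node, dict):
        for key in ("from", "to"):
            if not isinstance(node.get(key), str):
                problems.append(f"filter:range:timestamp:{key} must be a string")
    sources = body.get("logsources")
    if not isinstance(sources, list) or not sources:
        return problems + ["logsources must be a non-empty array"]
    for i, entry in enumerate(sources):
        if not isinstance(entry, dict):
            problems.append(f"logsources[{i}] must be an object")
            continue
        for key in entry:  # catches keys such as " type" with a stray space
            if key not in ("name", "type"):
                problems.append(f"logsources[{i}] has unexpected key {key!r}")
        for key in ("name", "type"):
            if not isinstance(entry.get(key), str) or not entry[key]:
                problems.append(f"logsources[{i}] needs a non-empty {key!r} string")
    return problems

# Constructed sample; the timestamp strings are placeholders, not a documented format.
SAMPLE = """{
  "start": 0, "results": 10,
  "filter": {"range": {"timestamp": {"from": "<start-timestamp>", "to": "<end-timestamp>"}}},
  "logsources": [
    {"name": "/was_app/sysout", "type": "tag"},
    {"name": "/was_app/error", "type": "tag"}
  ],
  "query": "*,*"
}"""
if __name__ == "__main__":
    print(validate_search_request(SAMPLE) or "OK")
```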