--- title: Log Analytics description: >- Group queried logs into fields, patterns, and transactions, and create multiple search queries, formulas, and functions for in-depth analysis. breadcrumbs: Docs > Log Management > Log Explorer > Log Analytics --- # Log Analytics ## Overview{% #overview %} Logs can be valuable as individual events, but sometimes valuable information lives in a subset of events. - [Fields](https://docs.datadoghq.com/logs/explorer/analytics/#group-logs-by-fields) - [Patterns](https://docs.datadoghq.com/logs/explorer/analytics/patterns) - [Transactions](https://docs.datadoghq.com/logs/explorer/analytics/transactions) Switch between different aggregations of your queried logs with the logs query editor. The fields you select to group, aggregate, and measure your logs are saved as you switch between different visualizations and aggregation types. {% image source="https://datadog-docs.imgix.net/images/logs/explorer/aggregations.b6e2cecc1804a7d2e819f8f55d0bc643.jpg?auto=format" alt="A bar graph displaying logs and the option to group into fields, patterns, and transactions" /%} You can add multiple queries to simultaneously analyze different sets of logs, and apply formulas and functions to your queries for in-depth analysis. Aggregations are supported for **indexed logs only**. If you need to perform aggregation on non-indexed logs, consider [temporarily disabling exclusion filters](https://docs.datadoghq.com/logs/log_configuration/indexes/#switch-off-switch-on), generating [log-based metrics](https://docs.datadoghq.com/logs/logs_to_metrics), and/or running a [rehydration](https://docs.datadoghq.com/logs/log_configuration/rehydrating/) on your archives. ## Group logs by fields{% #group-logs-by-fields %} When aggregating indexed logs by **Fields**, all logs matching your query filter are aggregated into groups based on the query search values. On top of these aggregates, you can extract the following measures: - **count of logs** per group - **count of unique coded values** for a query search value per group (shown in the UI as `count unique of`) - **statistical operations** (`min`, `max`, `avg`, and `percentiles`) on numerical values of a query search value per group Individual logs with multiple query search values belong to that many aggregates. For instance, a log with the `team:sre` and the `team:marketplace` tags are counted once in the `team:sre` aggregate and once in the `team:marketplace` aggregate. ### Visualize log groups{% #visualize-log-groups %} The **Fields** aggregation supports one dimension for the [Top List](https://docs.datadoghq.com/logs/explorer/visualize/#top-list) visualization, and up to four dimensions for the [Timeseries](https://docs.datadoghq.com/logs/explorer/visualize/#timeseries), [Table](https://docs.datadoghq.com/logs/explorer/visualize/#nested-tables), [Tree Map](https://docs.datadoghq.com/dashboards/widgets/treemap), and [Pie Chart](https://docs.datadoghq.com/dashboards/widgets/pie_chart) visualizations. When there are multiple dimensions, the top values are determined according to the first dimension, then according to the second dimension within the top values of the first dimension, then according to the third dimension within the top values of the second dimension. ### Multiple queries{% #multiple-queries %} Multiple queries are supported in [Timeseries](https://docs.datadoghq.com/logs/explorer/visualize/#timeseries) and [Table](https://docs.datadoghq.com/logs/explorer/visualize/#nested-tables) visualizations. Add multiple queries by clicking on the `+ Add` button next to the query editor. When you add a new query, it is a copy of the last query and its grouping options: {% video url="https://datadog-docs.imgix.net/images/logs/explorer/group/add_multiple_queries.mp4" /%} Select or deselect queries to display in the current visualization by clicking on their letters in the query editor: {% image source="https://datadog-docs.imgix.net/images/logs/explorer/group/select_multiple_queries.0b62b73b0b6cfe0061ea41a59e1ec2e0.jpg?auto=format" alt="The query editor with two queries, one is labeled A and the other is labeled B" /%} By default, when a new query is added, it is automatically selected to be displayed in the chosen visualization. Display the timeline for one of your queries by selecting that query in the `Timeline for` dropdown. Scope one of your search queries by selecting that query in the `Use facets with` dropdown and clicking on values in the [Facet Panel](https://docs.datadoghq.com/logs/explorer/facets/#facet-panel). Only the selected query is updated with the chosen facets. {% image source="https://datadog-docs.imgix.net/images/logs/explorer/group/query_selector.b9a20bed31150964d1aecd876b7f98ca.jpg?auto=format" alt="The query editor showing the timeline for selector with dropdown options for query A and query B" /%} ### Functions{% #functions %} Functions are supported in all visualizations. Apply functions to your logs by clicking on the `Fields` aggregation in the query editor. Optionally select a faceted field to apply the function to, then click on the `Σ` icon next to that measure. Select or search for a function to apply to the selected log field. {% video url="https://datadog-docs.imgix.net/images/logs/explorer/group/add_function.mp4" /%} All functions available for logs in the graphing editor in Dashboards can be applied to logs in the Log Explorer: - [Arithmetic](https://docs.datadoghq.com/dashboards/functions/arithmetic) - [Interpolation](https://docs.datadoghq.com/dashboards/functions/interpolation) - [Timeshift](https://docs.datadoghq.com/dashboards/functions/timeshift) - [Rate](https://docs.datadoghq.com/dashboards/functions/rate) - [Smoothing](https://docs.datadoghq.com/dashboards/functions/smoothing) - [Rollup](https://docs.datadoghq.com/dashboards/functions/rollup) - [Exclusion](https://docs.datadoghq.com/dashboards/functions/exclusion) Here is an example of how to apply an [Exclusion function](https://docs.datadoghq.com/dashboards/functions/exclusion) to exclude certain values of your logs: {% image source="https://datadog-docs.imgix.net/images/logs/explorer/group/exclusion_function_logs.8e85a945946582df5e6918faa41e5678.jpg?auto=format" alt="A query with the cutoff min exclusion filter set to 100" /%} ### Formulas{% #formulas %} Apply a formula on one or multiple queries by clicking on the `+ Add` button next to the query editor. In the following example, the formula is used to calculate the ratio of the unique number of `Cart Id` in logs for `Merchant Tier: Enterprise` / `Merchant Tier: Premium` customers: {% image source="https://datadog-docs.imgix.net/images/logs/explorer/group/multiple_query_formula.8811258cc055ecc46e03461bf6bc3155.jpg?auto=format" alt="The query editor with a formula dividing query A by query B" /%} To apply formulas with multiple queries, all queries must be grouped by the same query search value. In the example above, both queries are grouped by `Webstore Store Name`. You can apply a function to a formula by clicking on the `Σ` icon. Here is an example of how to apply a [Timeshift function](https://docs.datadoghq.com/dashboards/functions/timeshift) on the proportion of error logs in all logs to compare current data with data from one week before: {% image source="https://datadog-docs.imgix.net/images/logs/explorer/group/timeshift_function_logs.b70c9b66125c7d808e5708240e0af6f3.jpg?auto=format" alt="The query editor showing a formula with the week before timeshift function applied to it" /%} ## Further reading{% #further-reading %} - [Filter logs](https://docs.datadoghq.com/logs/explorer/search) - [Create visualizations from logs](https://docs.datadoghq.com/logs/explorer/visualize) - [Export Log Explorer views](https://docs.datadoghq.com/logs/explorer/export) - [Add more context to your logs with Reference Tables](https://www.datadoghq.com/blog/add-context-with-reference-tables/)