All of the search parameters are contained within the URL, so you can share your view simply sharing the URL.
A query is composed of terms and operators.
There are two types of terms:
A Single Term is a single word such as “test” or “hello”.
A Sequence is a group of words surrounded by double quotes such as “hello dolly”.
To combine multiple terms into a complex query, you can use any of the following boolean operators:
| Operator | **Description ** | **Example ** |
AND |
Intersection: both terms are in the selected events (if nothing is added, AND is taken by default) | authentication AND failure |
OR |
Union: either term is contained in the selected events | authentication OR password |
- |
Exclusion: the following term is NOT in the event | authentication AND -password |
To search on a specific facet you need to add it as a facet first then add @ to specify you are searching on a facet.
For instance, if your facet name is url and you want to filter on the url value www.datadoghq.com just enter:
@url:www.datadoghq.com
To perform a multi-character wildcard search, use the * symbol as follows:
service:web* matches every log message that has a service starting by “web”.hello* matches all log messages starting with hello*hello matches all log messages that end with helloUse <,>, <=, or >= to perform a search on numerical attributes. For instance, retrieve all logs that have a response time over 100ms with:
@http.response_time:>100
It is also possible to search for numerical attribute within a specific range. For instance, retrieve all your 4xx errors with:
@http.status_code:[400 TO 499]
Your logs inherit tags from hosts and integrations that generate them. They can be used in the search and as facets as well:
test is searching for the string “test”.("env:prod" OR test) matches all logs with the tag #env:prod or the tag #test(service:srvA OR service:srvB) or (service:(srvA OR srvB)) Matches all logs that contain tags #service:srvA or #service:srvB.("env:prod" AND -"version:beta") matches all logs that contain #env:prod and that do not contain #version:betaIf your tags don’t follow tags best practices and don’t use the key:value syntax, use this search query:
tags:<MY_TAG>Typing a complex query can be cumbersome. Use the search bar’s autocomplete feature to complete your query using existing values:
The following attributes are considered as special: ?, >, <, :, =,", ~, /, and \ require escaping.
For instance, to search logs that contain user=12345 the following search must be entered:
user\=JaneDoe
The same logic must be applied to spaces within log attributes. Log attributes should not contain spaces, but in such a case, spaces must be escape.
If an attribute was called user.first name, perform a search on this attribute by escaping the space:
@user.first\ name:myvalue
Don’t lose time building the same views everyday. Saved Views contain your search query, columns, time horizon, and facet.
Additional helpful documentation, links, and articles:
