Search logs using an SPL-like syntax
The Grepr platform supports running basic searches with the search command. The syntax for this command is similar to piped query languages like Splunk Processing Language (SPL). You can also run piped queries with multiple search stages chained using the pipe (|) operator, with some limitations.
For a full reference on SPL syntax, see Welcome to the Search Reference.
Piping commands
You can chain multiple search commands using the pipe (|) operator. Each stage filters the results from the previous stage:
search <expression1> | search <expression2> | ...
The first search command is optional, but subsequent search commands are required to filter results further.
Run a basic text search
A basic text search performs a full-text search across the message field of log entries:
search "text to search"
Search for logs with matching field values
The search command can also filter logs based on field values:
search field=value
Attributes and tags can be queried using the following formats:
attributes.attr=value
tags.tagKey=value
For more details on attributes and tags, see The Grepr processing and data models.
Field searches (e.g., field=value) apply to both attributes and tags and are equivalent to attributes.field=value OR tags.field=value.
If the value contains special characters or spaces, wrap it in double quotes:
search attributes.attr="double-quoted value"
search tags.tagKey="double-quoted value"
Wildcard searches
Use the asterisk (*) as a wildcard to match zero or more characters in field values:
search field=value*
Boolean operators
You can use AND, OR, and NOT to combine or modify search expressions:
search expression1 AND expression2
search expression1 OR expression2
search NOT expression
Limitations
The following commands and expressions are not supported:
- Arithmetic operations: +, -, *, /, %.
- Advanced SPL commands: stats, table, eval, where, sort, top, rex, fields, lookup, join, dedup, and others.
- Subqueries
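The matching rules described on this page (piped stages, the attributes-or-tags expansion of field=value, the * wildcard, and NOT) can be modelled in a few lines of Python to see how they interact. This is an added illustration, not Grepr's implementation; the record layout, case-sensitive matching, substring-style text search, and all helper names are assumptions.

```python
import re

# Constructed sample records; the message/attributes/tags layout is an assumption.
LOGS = [
    {"message": "login failed for admin", "attributes": {"status": "401"}, "tags": {"service": "web-auth"}},
    {"message": "login failed for bob", "attributes": {"service": "web-api", "status": "401"}, "tags": {}},
    {"message": "login ok for bob", "attributes": {"status": "200"}, "tags": {"service": "web-auth"}},
    {"message": "login failed for root", "attributes": {"status": "401"}, "tags": {"service": "sshd"}},
]

def _wild(pattern):
    # '*' matches zero or more characters; every other character is literal.
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")), re.S)

def scoped(scope, key, pattern):
    # Models attributes.key=pattern or tags.key=pattern.
    rx = _wild(pattern)
    return lambda rec: key in rec[scope] and rx.fullmatch(rec[scope][key]) is not None

def field(key, pattern):
    # field=value is equivalent to attributes.field=value OR tags.field=value.
    a, t = scoped("attributes", key, pattern), scoped("tags", key, pattern)
    return lambda rec: a(rec) or t(rec)

def text(s):
    # Full-text search on the message field (modelled here as a substring match).
    return lambda rec: s in rec["message"]

def NOT(p):
    return lambda rec: not p(rec)

def run(stages, logs=LOGS):
    # Each piped stage filters the output of the previous stage.
    for stage in stages:
        logs = [r for r in logs if stage(r)]
    return [r["message"] for r in logs]

def example():
    # search "login failed" | search service=web* | search NOT tags.service=web-auth
    return run([text("login failed"), field("service", "web*"),
                NOT(scoped("tags", "service", "web-auth"))])
```

Because an unscoped field search expands to an OR over attributes and tags, `NOT field=value` drops a record when either side matches; scope the expression to `attributes.` or `tags.` when only one side should be excluded.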