InsightOps

Building Queries

InsightOps offers several ways to search your data with queries: LEQL, Regex, String, KeyValue, or Keyword search.

What is LEQL?

Log Entry Query Language (LEQL) is a powerful search language that lets you quickly construct queries to extract the hidden data within your logs. LEQL is composed of the other query languages for your searching convenience.

With LEQL, you can look for the occurrence of a single term, or graph your website's response time over the last 24 hours, among many other uses.

Why Use LEQL?

LEQL follows a SQL-style syntax, and constructing a query is simple and intuitive because it combines several different languages and lets you use the helpful LEQL Query Bar. You can search in the simplest way possible or write more advanced queries to find granular information.

How do I use LEQL to build Queries?

The Query Bar has three modes that you can use when building your queries. The first is simple mode, which allows you to build queries by selecting the desired functions and keys with your mouse. Each search begins with a where() statement, and you insert your query inside it.

The second is the advanced mode, which allows you to enter the full query using the keyboard. Experienced users will likely find this mode faster, but the syntax is strict and you must remember the different analytic functions available.

You can press the down key to see and load sample queries when the text box is empty.

You can switch between the simple and the advanced mode by clicking the mode switcher to the left of the query bar. If you find yourself in the advanced mode with an invalid query, the system will prevent you from returning to the simple mode. To return to the simple mode, delete the query or fix the syntax errors.

The third mode is Visual Search, which overlays your raw log data with interactive charts that allow you to quickly filter your log data.

Operators

InsightOps supports both logical and comparison operators, which allow you to create more complex searches. The guide below introduces both sets of operators available while constructing a query.

Logical Operators

InsightOps supports the following logical operators to create comprehensive search criteria.
Please note that when constructing a Search Query all operators should be typed in UPPERCASE.

| Logical Operator | Example | Description |
| --- | --- | --- |
| "AND" | expr1 AND expr2 | Returns log events that match both criteria |
| "OR" | expr1 OR expr2 | Returns log events that match one or both criteria |
| "NOT" | expr1 NOT expr2 | Returns log events that match expr1 but not expr2 |

Comparison Operators

Comparison operators can be used for KVP search and Regular Expression search.

| Comparison Operator | Example | Description |
| --- | --- | --- |
| = | field=value | Returns log events that match the search value – matches numeric and text values |
| != | field!=value | Returns log events that do not match the search value – matches numeric and text values |
| > | field>num | Returns log events with field values higher than the search value |
| >= | field>=num | Returns log events with field values higher than or equal to the search value |
| < | field<num | Returns log events with field values lower than the search value |
| <= | field<=num | Returns log events with field values lower than or equal to the search value |

NOTE: Numerical values must be formatted as an integer, a floating-point value, or in scientific notation to be properly recognized by InsightOps. Units are not calculated as part of the comparison. For example, searching for value<100bytes would not return a result with value=200bits.
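The following is an added example, not InsightOps code: a small local model of the operator tables and the NOTE above, run over constructed key=value log lines. Left-to-right evaluation without precedence, the handling of absent fields, and ordering operators matching only when both sides are bare numbers are assumptions of this sketch.

```python
import re
import operator

# Number formats the NOTE lists: integer, floating point, scientific notation.
NUMERIC = re.compile(r"[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?")
KVP = re.compile(r"(\w+)=(\S+)")
TERM = re.compile(r"(\w+)(>=|<=|!=|=|>|<)(\S+)")
ORDERING = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}

SAMPLE_LOGS = [  # constructed sample events, one key=value log line each
    "status=200 size=512 user=alice",
    "status=500 size=1.5e3 user=bob",
    "status=404 size=200bits user=carol",
    "status=503 size=90 user=alice",
]

def as_number(text):
    """Return a float for a bare number, None otherwise (units are not parsed)."""
    return float(text) if NUMERIC.fullmatch(text) else None

def match_term(term, event):
    """Evaluate one field<op>value comparison against a parsed event."""
    parsed = TERM.fullmatch(term)
    if parsed is None:
        raise ValueError(f"not a field/operator/value term: {term}")
    field, op, wanted = parsed.groups()
    have = event.get(field, "")  # assumption: an absent field is an empty value
    a, b = as_number(have), as_number(wanted)
    if op in ("=", "!="):
        equal = a == b if None not in (a, b) else have == wanted
        return equal if op == "=" else not equal
    # Assumption: ordering operators match only when both sides are numbers.
    return None not in (a, b) and ORDERING[op](a, b)

def search(query, lines=SAMPLE_LOGS):
    """Return lines matching terms joined by AND / OR / NOT, left to right."""
    tokens, hits = query.split(), []
    for line in lines:
        event = dict(KVP.findall(line))
        result = match_term(tokens[0], event)
        for op, term in zip(tokens[1::2], tokens[2::2]):
            if op not in ("AND", "OR", "NOT"):
                raise ValueError(f"operators must be uppercase: {op}")
            value = match_term(term, event)
            result = (result and value if op == "AND" else
                      result or value if op == "OR" else result and not value)
        if result:
            hits.append(line)
    return hits
```

In this model `search("size<100bytes")` returns no events at all, while `search("size<100")` returns only the `size=90` line, so a threshold written with a unit, or a field logged with one, fails quietly rather than with an error.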

