Log query


As a tenant administrator or an editor, you can use the Log query type to fetch log data from BMC Helix Log Analytics into your environment. You can use the queries to filter data in the panels and dashboards. 

This query type uses the Lucene syntax. For more information, see https://bit.ly/2O7cyZd.

This query requires the following data:

Examples

Here are a few examples of Log type queries:

  • View the number of times the Windows Modules Installer service is restarted, when you are loading Windows events data into BMC Helix Log Analytics.
    message:"The Windows Modules Installer service entered the running state."
  • View the number of errors, when you are loading Windows events data into BMC Helix Log Analytics.
    winlog.computer_name:<name> AND (log.level:error OR log.level:Error)
  • View the logs for a particular pod, when you are loading Kubernetes logs into BMC Helix Log Analytics.
    kubernetes.pod.uid:<pod ID>
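
When the `<name>` or `<pod ID>` placeholder is filled from a variable rather than typed by hand, Lucene syntax characters in the value need escaping so that the value cannot change the meaning of the query. The following is an added example, not BMC code: the helper names are hypothetical, the sample values are constructed, and only the field names come from the queries above.

```python
import re

# Characters the classic Lucene query parser treats as syntax. Each one is
# backslash-escaped when it appears inside a literal term value.
_LUCENE_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/&|])')


def escape_term(value: str) -> str:
    """Escape a literal value so Lucene reads it as a single plain term."""
    return _LUCENE_SPECIAL.sub(r'\\\1', value)


def quote_phrase(value: str) -> str:
    """Wrap a value in double quotes; only \\ and " need escaping inside."""
    return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'


def field_clause(field: str, value: str) -> str:
    """Build field:value; values containing whitespace become a quoted phrase."""
    if not value:
        raise ValueError("empty value for field " + field)
    if re.search(r'\s', value):
        return f"{field}:{quote_phrase(value)}"
    return f"{field}:{escape_term(value)}"


def errors_on_host(computer_name: str) -> str:
    """Windows error events for one host (second example above)."""
    host = field_clause("winlog.computer_name", computer_name)
    # Operators are upper case and the OR branch is grouped explicitly.
    return f"{host} AND (log.level:error OR log.level:Error)"


def pod_logs(pod_uid: str) -> str:
    """Kubernetes logs for one pod (third example above)."""
    return field_clause("kubernetes.pod.uid", pod_uid)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    print(errors_on_host("web-01"))
    print(errors_on_host("x OR log.level:*"))  # stays one quoted phrase
    print(pod_logs("0f3c2a1e-7b4d-4c1a-9e2f-5d6a7b8c9d0e"))
```

The helper escapes `*`, so the wildcard form from the tip (for example `cert*`) still has to be written by hand.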

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*