New Log Search is available for Open Preview
We are rolling out a new Log Search experience to customers with an open preview starting January 31st, 2023. You can still use original Log Search during this open preview. Both the original and New Log Search will exist in parallel until development is complete. For now, review the topic on new Log Search and navigate to the Log Search Open Preview page in InsightIDR to become familiar with the new layout. Check back soon for fully updated documentation.
You can now use the Loose Search feature to find partial and case-insensitive matches in your logs.
This is useful if you don't know the full keyword you want to match, or can't remember its case.
For example, if you are searching for the term
- Match the complete word and case for this log line for returned results.
- Use the regex expression `where(/Facebook/i)` to indicate case insensitive and partial matching, or `where(http.agent = /.*Facebook.*/i)` for case insensitive and partial matching against a specific field.
Loose Search allows you to write a query and click a button for easier log search.
To use Loose Search:
- Log in to InsightIDR and navigate to the “Log Search” page.
- Enter your query in the search bar.
- While in Simple or Visual Search mode, select the Case insensitive & partial matching checkbox.
Users who want to search in Advanced Search can simply write `loose` after the search parameters in the `where()` clause. For example, `where(top_private_domain = Facebook, loose)`.
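The difference between default and loose matching described above, modelled in Python as an added example (this is not InsightIDR code and does not reproduce its implementation). The log entries are constructed, and the word-boundary rule used for default matching is an assumption based on the page's "complete word and case" description.

```python
import re

# Constructed sample entries (not real data); field names follow the page's examples.
LOGS = [
    {"top_private_domain": "Facebook", "http.agent": "Mozilla/5.0"},
    {"top_private_domain": "facebook.com", "http.agent": "facebookexternalhit/1.1"},
    {"top_private_domain": "example.org", "http.agent": "curl/8.0 (FACEBOOK-preview)"},
    {"top_private_domain": "example.net", "http.agent": "Mozilla/5.0"},
]


def exact(value, keyword):
    """Default matching as the page describes it: complete word, same case.
    Assumption: 'complete word' is modelled with word boundaries."""
    pattern = r"(?<!\w)" + re.escape(keyword) + r"(?!\w)"
    return re.search(pattern, value) is not None


def loose(value, keyword):
    """Loose matching as the page describes it: partial and case insensitive."""
    return keyword.lower() in value.lower()


def search(logs, keyword, field=None, matcher=exact):
    """Return indexes of entries that match in one field, or in any field
    when no field is given."""
    hits = []
    for i, entry in enumerate(logs):
        values = [entry.get(field, "")] if field else list(entry.values())
        if any(matcher(v, keyword) for v in values):
            hits.append(i)
    return hits


if __name__ == "__main__":
    # Default search misses 'facebook.com' and the upper-case user agent.
    print("exact, any field:      ", search(LOGS, "Facebook"))
    # Loose search picks up case variants and substrings in every field.
    print("loose, any field:      ", search(LOGS, "Facebook", matcher=loose))
    # Field-scoped loose search, like where(top_private_domain = Facebook, loose).
    print("loose, domain field:   ", search(LOGS, "Facebook", "top_private_domain", loose))
    print("loose, http.agent field:", search(LOGS, "Facebook", "http.agent", loose))
```

For detection and hunting queries, the gap between the first two results is the practical point: a case-sensitive whole-word search can silently miss variants of an indicator that loose matching returns.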