Building Queries

InsightOps lets you search your data with LEQL, Regex, String, KeyValue, or Keyword queries.


What is LEQL?

Log Entry Query Language (LEQL) is a powerful search language that lets you quickly construct queries to extract the hidden data within your logs. LEQL comprises the other query languages for your searching convenience.

With LEQL, you can look for the occurrence of a single term, or graph your website's response time over the last 24 hours, among many other uses.

Why Use LEQL?

LEQL follows a SQL-style syntax, and constructing a query is simple and intuitive because it combines several different languages and lets you use the LEQL Query Bar. You can search in the simplest way possible, or write more advanced queries to find granular information.

How do I use LEQL to build Queries?

The Query Bar has three modes that you can use when building your queries. The first is simple mode, which allows you to build queries by selecting the desired functions and keys with your mouse. Each search begins with a where() statement, and you insert your query inside it.

The second is the advanced mode, which allows you to enter the full query using the keyboard. Experienced users will likely find this mode faster, but the syntax is strict and you must remember the different analytic functions available.

You can press the down key to see and load sample queries when the text box is empty.

You can switch between the simple and the advanced mode by clicking the mode switcher to the left of the query bar. If you find yourself in the advanced mode with an invalid query, the system will prevent you from returning to the simple mode. To return to the simple mode, delete the query or fix the syntax errors.

The third mode is Visual Search, which overlays your raw log data with interactive charts that allow you to quickly filter your log data.

Operators

InsightOps supports both logical and comparison operators, which allow you to create more complex searches. The guide below introduces both sets of operators available while constructing a query.

Logical Operators

InsightOps supports the following logical operators to create comprehensive search criteria. Please note that when constructing a Search Query all operators should be typed in UPPERCASE.

| Logical Operator | Example | Description |
| --- | --- | --- |
| "AND" | expr1 AND expr2 | Returns log events that match both criteria |
| "OR" | expr1 OR expr2 | Returns log events that match one or both criteria |
| "NOT" | expr1 NOT expr2 | Returns log events that match expr1 but not expr2 |

Comparison Operators

Comparison operators can be used for KVP search and Regular Expression search.

| Comparison Operator | Example | Description |
| --- | --- | --- |
| == | KeyA==KeyB | Returns log events where the key values are the same. Use this operator to compare keys. You can compare strings or numeric values. |
| !== | KeyA!==KeyB | Returns log events where the key values are not the same. You can input strings or numeric values. |
| = | KeyA=3 | Returns log events where the key equals a specific value. Use this to compare keys. You can input a numeric or string value. |
| < | KeyA<KeyB or KeyA<3 | Returns log events that are less than the specified value. You can input a numeric value or key. |
| <= | KeyA<=KeyB or KeyA<=3 | Returns log events that are less than or equal to the specified value. You can input a numeric value or a key. |
| > | KeyA>KeyB or KeyA>3 | Returns log events that are greater than the specified value. You can input a numeric value or a key. |
| >= | KeyA>=KeyB or KeyA>=3 | Returns log events that are greater than or equal to the specified value. You can input a numeric value or a key. |

Format numerical values

Numerical values must be formatted as an integer, floating-point value, or in scientific notation to be properly recognized by InsightOps. Units are not calculated as part of the comparison. For example, searching for a value<100bytes would not return a result with value=200bits.
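
The following is an added example, not part of the InsightOps documentation: a pre-ingestion check that flags key values a numeric comparison such as size<100 would not treat as numbers because they carry a unit or other text. The key=value event layout, the key names, the sample events, and the exact number grammar are assumptions made for illustration.

```python
import re

# Assumption: a value is numeric if it is an integer, a floating-point value,
# or scientific notation, as the paragraph above states. The exact grammar
# InsightOps applies is not given on the page.
_NUM = r'[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?'
NUMERIC = re.compile(_NUM)
# A number immediately followed by a unit suffix, e.g. 100bytes, 35ms, 12%.
NUM_WITH_UNIT = re.compile('(' + _NUM + ')([A-Za-z%]+)')
# Assumption: events carry whitespace-separated key=value pairs.
KVP = re.compile(r'(\w+)=("[^"]*"|\S+)')

def classify(value):
    """Classify a raw value as 'numeric', 'number_with_unit' or 'string'."""
    value = value.strip('"')
    if NUMERIC.fullmatch(value):
        return "numeric"
    if NUM_WITH_UNIT.fullmatch(value):
        return "number_with_unit"
    return "string"

def audit_event(line, numeric_keys):
    """Return {key: (value, kind)} for keys that should be numeric but are not."""
    problems = {}
    for key, value in KVP.findall(line):
        if key in numeric_keys:
            kind = classify(value)
            if kind != "numeric":
                problems[key] = (value.strip('"'), kind)
    return problems

# Constructed sample events (not real log data).
SAMPLE = [
    'method=GET status=200 size=1532 duration=0.042',
    'method=POST status=500 size=100bytes duration=4.2e-2',
    'method=GET status=404 size=200bits duration=35ms',
]
EXPECT_NUMERIC = {"status", "size", "duration"}

if __name__ == "__main__":
    for event in SAMPLE:
        for key, (value, kind) in audit_event(event, EXPECT_NUMERIC).items():
            print(f"{key}={value!r} is {kind}: comparisons on {key} will miss this event")
```

Fields flagged as number_with_unit are best fixed at the source by logging a bare number and putting the unit in the key name.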