Search
Text Search
A search generally consists of terms and operators. Wildcard queries are supported:
* matches 0 or more arbitrary characters; ? matches 1 arbitrary character.
Multiple terms can be combined into complex queries using Boolean operators (AND/OR/NOT).
Note
The Explorer search uses the query_string() query syntax.
Terms can be single words or phrases. For example:
- Single word: guance;
- Multiple words: guance test; (equivalent to guance AND test)
- Phrase: "guance test"; (using double quotes converts a group of words into a phrase)
JSON Search
Prerequisite
- Workspace created after June 23, 2022;
- Used in the log viewer.
By default, precise searches are performed on the content of message, and message must be in JSON format. Logs in other formats do not support this method of searching. The search format is: @key:value. For multi-level JSON, key names can be connected with . such as @key1.key2:value, as shown in the figure.
Use Case Example:
Message information as follows:
{
    "__namespace": "tracing",
    "cluster_name_k8s": "k8s-demo",
    "meta": {
        "service": "ruoyi-mysql-k8s",
        "name": "mysql.query",
        "resource": "select dict_code, dict_sort, dict_label, dict_value, dict_type, css_class, list_class, is_default, status, create_by, create_time, remark\nfrom sys_dict_data"
    }
}
# Query cluster_name_k8s = k8s-demo
@cluster_name_k8s:k8s-demo // Exact match
@cluster_name_k8s:k?s* // Fuzzy match
# Query under meta where service = ruoyi-mysql-k8s
@meta.service:ruoyi-mysql-k8s // Exact match
@meta.service:ruoyi?mysql* // Fuzzy match
Note
When the search content contains . (such as trace.id), directly entering it in the @key1.key2:value format will cause the system to recognize trace and id as two separate keys rather than one whole. To avoid this issue, use the @\"key1.xxx\":value format instead, for example @\"trace.id\":value, so that the system correctly identifies the complete key name.
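The key resolution described above can be modelled locally to check a query before relying on it in a saved search or alert. This is an added example, not Guance's implementation: the function names, the `trace.id` sample fields, and case-sensitive matching are assumptions.

```python
import json
import re

# Constructed sample message modelled on the page's example, plus a literal
# "trace.id" key and a nested trace.id (both constructed) for the dotted-key case.
MESSAGE = json.dumps({
    "cluster_name_k8s": "k8s-demo",
    "meta": {"service": "ruoyi-mysql-k8s", "name": "mysql.query"},
    "trace.id": "abc123",
    "trace": {"id": "nested-999"},
})

# Accepts @key1.key2:value and the quoted form @\"key.with.dots\":value.
QUERY_RE = re.compile(
    r'^@(?:\\?"(?P<quoted>[^"\\]+)\\?"|(?P<path>[^:"\\]+)):(?P<value>.+)$')

def parse_query(query):
    """Return (key_segments, value_pattern) for a single @key:value term."""
    m = QUERY_RE.match(query.strip())
    if not m:
        raise ValueError(f"not an @key:value term: {query!r}")
    if m.group("quoted") is not None:
        return [m.group("quoted")], m.group("value")    # one literal key
    return m.group("path").split("."), m.group("value")  # one key per level

def wildcard_to_regex(pattern):
    """* matches 0 or more characters, ? matches exactly 1; the rest is literal."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts), re.DOTALL)

def matches(query, message):
    """True if the JSON message has the key path and its value matches."""
    try:
        node = json.loads(message)
    except ValueError:
        return False          # non-JSON messages do not support @key search
    segments, pattern = parse_query(query)
    for seg in segments:
        if not isinstance(node, dict) or seg not in node:
            return False
        node = node[seg]
    if isinstance(node, (dict, list)):
        return False          # the key names an object, not a scalar value
    return wildcard_to_regex(pattern).fullmatch(str(node)) is not None
```

In this model `@trace.id:abc123` walks `trace` then `id` and misses the literal `trace.id` field, which is the mismatch the note warns about.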

