Search¶
Text Search¶
A search usually consists of terms and operators. Wildcard queries are supported:
*matches 0 or more arbitrary characters;?matches 1 arbitrary character.
Multiple terms can be combined into complex queries using Boolean operators (AND/OR/NOT).
Note
The Explorer uses the query_string() query syntax.
Terms can be single words or phrases. For example:
- Single word:
guance; - Multiple words:
guance test; (equivalent toguance AND test) - Phrase:
"guance test"; (using double quotes converts a group of words into a phrase)
Example:
JSON Search¶
Prerequisite
- Workspace created after
June 23, 2022; - Used in the log viewer.
By default, precise searches are performed on the content of message, and message must be in JSON format. Log contents in other formats do not support this search method. The search format is: @key:value. For multi-level JSON, key names can be connected with . such as @key1.key2:value, as shown in the figure below.
Use case example:
Message information is as follows:
{
__namespace:tracing,
cluster_name_k8s:k8s-demo,
meta:{
service:ruoyi-mysql-k8s,
name:mysql.query,
resource:select dict_code, dict_sort, dict_label, dict_value, dict_type, css_class, list_class, is_default, status, create_by, create_time, remark
from sys_dict_data
}
}
# Query cluster_name_k8s = k8s-demo
@cluster_name_k8s:k8s-demo // Exact match
@cluster_name_k8s:k?s* // Fuzzy match
# Query under meta where service = ruoyi-mysql-k8s
@meta.service:ruoyi-mysql-k8s // Exact match
@meta.service:ruoyi?mysql* // Fuzzy match
Note
When the search content includes . (such as trace.id), directly entering @key1.key2:value will cause the system to identify trace and id as two separate keys instead of one whole key. To avoid this issue, please use the format @\"key1.xxx\":value, for example @\"trace.id\":value. This way, the system will correctly recognize the complete key name.