Search¶
Text Search¶
Searches generally consist of terms and operators. Wildcard queries are supported:
*matches 0 or more arbitrary characters;?matches 1 arbitrary character.
Multiple terms can be combined into complex queries using Boolean operators (AND/OR/NOT).
Note
The Explorer search uses the query_string() query syntax.
A term can be a single word or phrase. For example:
- Single word:
guance; - Multiple words:
guance test; (equivalent toguance AND test) - Phrase:
"guance test"; (using double quotes converts a group of words into a phrase)
Example:
JSON Search¶
Prerequisite
- Workspace created after
June 23, 2022; - Used in the log viewer.
By default, precise searches are performed on the content of message, and message must be in JSON format. Logs in other formats do not support this type of search. The search format is: @key:value. For multi-level JSON, you can use . to connect key names, for example, @key1.key2:value, as shown in the figure.
Scenario Example:
Message information is as follows:
{
__namespace:tracing,
cluster_name_k8s:k8s-demo,
meta:{
service:ruoyi-mysql-k8s,
name:mysql.query,
resource:select dict_code, dict_sort, dict_label, dict_value, dict_type, css_class, list_class, is_default, status, create_by, create_time, remark
from sys_dict_data
}
}
# Query cluster_name_k8s = k8s-demo
@cluster_name_k8s:k8s-demo // Exact match
@cluster_name_k8s:k?s* // Fuzzy match
# Query service under meta = ruoyi-mysql-k8s
@meta.service:ruoyi-mysql-k8s // Exact match
@meta.service:ruoyi?mysql* // Fuzzy match
Note
When the search content contains . (such as trace.id), directly entering the @key1.key2:value format will cause the system to recognize trace and id as two separate keys instead of one whole. To avoid this issue, please enter it in the format @\"key1.xxx\":value, for example, @\"trace.id\":value. This way, the system will correctly identify the complete key name.