Searching events

The Search service allows you to search all of your indexed events. 

Find information

You can search for information directly from the Search service home page. 

Simple text search

For now, only simple search on single word is supported.

First, enter text in the search bar of Search service, then, to display the results, you can:

  • Press Enter.
  • Click the Refresh button next to the search bar.
  • Click the Refresh button of your browser (this takes longer).

Second, you can filter

  • By index : Click "index" and select the index to filter on
  • By field : Click "field" and enter your filter inside the text input (key=value). Prefix by header. for headers. 

All the input parameters of a search are displayed in the URL of the search results, so that you can easily bookmark your search requests.

Search for data across a time range

By default, the time range of a search is set to the last 1 hour. You can easily change this default search period in different ways:

  • Click one one of the quick-pick predefined time ranges.
  • Select the Last n <units> checkbox. For example, if it's 2.23 and you select Last 1 hour, the search will display values from 1:23 to 2:23.
  • Select the Current n <units> checkbox. For example, if it's 2.23 and you select Current 1 hour, the search will display values from 2.00 to 2.23. 
  • Select the From  checkbox and select a from <date/time> and a to <date/time> .

Search on indexes

Index provide ways to filter on search results. You can use:

Index type Description
System index

Created by default. You can filter by:

  • dead letter – Default index. Receives all events that were not distributed to a custom index or were ignored on purpose.
  • error – Index that receives all errors encountered during the ingestion of events.
User index Any index you or someone with the same tenant as you have created through the index administration. For more information, see  How can I add another index ?

The index filtering can be configured using "Add index filter" action. When using this action a similar pop-up should show up:

Result display

Checkbox "Event headers" is unchecked by default, you can check it to see headers and meta data display

Related Links