Search Logs

This section provides example of how to search logs using the SigNoz Logs API. The example demonstrates querying logs with specific attributes and using pagination to navigate through the results.

Example Query

The following example searches for logs where deployment_name=hotrod, method=get, and severity_text=info. Here, deployment_name is a resource attribute, method is a tag attribute, and severity_text is a top-level field. You can choose the start and end timestamp according to your use case.

Sample Payload

This is the JSON payload for the example query described above for Searching Logs.

{
    "start": 1700733979000,
    "end": 1700737579000,
    "step": 60,
    "variables": {},
    "compositeQuery": {
        "queryType": "builder",
        "panelType": "list",
        "builderQueries": {
            "A": {
                "dataSource": "logs",
                "queryName": "A",
                "aggregateOperator": "noop",
                "aggregateAttribute": {},
                "filters": {
                    "items": [
                        {
                            "key": {
                                "key": "deployment_name",
                                "dataType": "string",
                                "type": "resource",
                                "isColumn": false
                            },
                            "op": "=",
                            "value": "hotrod"
                        },
                        {
                            "key": {
                                "key": "method",
                                "dataType": "string",
                                "type": "tag",
                                "isColumn": false
                            },
                            "op": "=",
                            "value": "get"
                        },
                        {
                            "key": {
                                "key": "severity_text",
                                "dataType": "string",
                                "type": "",
                                "isColumn": true
                            },
                            "op": "=",
                            "value": "info"
                        }
                    ],
                    "op": "AND"
                },
                "expression": "A",
                "disabled": false,
                "stepInterval": 60,
                "orderBy": [
                    {
                        "columnName": "timestamp",
                        "order": "desc"
                    }
                ],
                "pageSize": 100
            }
        }
    }
}

Pagination is crucial for efficiently navigating through large sets of log data. The SigNoz Logs API supports pagination, allowing you to retrieve logs in manageable batches. Below are examples demonstrating how to implement pagination in your log search queries.

Ordering by Timestamp

If we are ordering by timestamp, then we will use id and pageSize for pagination.

Fetching the Latest 10 logs

To retrieve the most recent 10 logs, you set the pageSize to 10 and order the results by timestamp in descending order. This ensures that you get the latest logs first.

{
    "start": 1700734490000,
    "end": 1700738090000,
    "step": 60,
    "dataSource": "logs",
    "compositeQuery": {
        "queryType": "builder",
        "panelType": "list",
        "builderQueries": {
            "A": {
                "queryName": "A",
                "dataSource": "logs",
                "aggregateOperator": "noop",
                "expression": "A",
                "disabled": false,
                "pageSize": 10,
                "stepInterval": 60,
                "filters": {
                    "items": [
                    ],
                    "op": "AND"
                },
                "orderBy": [
                    {
                        "columnName": "timestamp",
                        "order": "desc"
                    }
                ]
            }
        }
    }
}

Fetching the Previous 10 logs

To fetch the 10 logs preceding the most recent batch, add a filter for the log ID using the < operator with the value set to the ID of the last log received in the previous request.

{
    "start": 1700734490000,
    "end": 1700738090000,
    "step": 60,
    "dataSource": "logs",
    "compositeQuery": {
        "queryType": "builder",
        "panelType": "list",
        "builderQueries": {
            "A": {
                "queryName": "A",
                "dataSource": "logs",
                "aggregateOperator": "noop",
                "expression": "A",
                "disabled": false,
                "pageSize": 10,
                "filters": {
                    "items": [
                        {
                            "key": {
                                "key": "id",
                                "type": "",
                                "dataType": "string",
                                "isColumn": true
                            },
                            "op": "<",
                            "value": "2QSbeXlRK0dyXIwJhLJBBtrZzxu"
                        }
                    ],
                    "op": "AND"
                },
                "orderBy": [
                    {
                        "columnName": "timestamp",
                        "order": "desc"
                    }
                ]
            }
        }
    }
}

Ordering by Any Other Key

In addition to fetching logs based on timestamps, the SigNoz Logs API allows you to paginate through logs using other keys. This method can be faster or slower depending on the key used.

Fetching the Latest 10 logs

To fetch the latest 10 logs based on a specific key (e.g., response_time), set the pageSize to 10 and order by that key in descending order. This retrieves the most recent logs according to the specified key.

{
    "start": 1700734490000,
    "end": 1700738090000,
    "step": 60,
    "dataSource": "logs",
    "compositeQuery": {
        "queryType": "builder",
        "panelType": "list",
        "builderQueries": {
            "A": {
                "queryName": "A",
                "dataSource": "logs",
                "aggregateOperator": "noop",
                "expression": "A",
                "disabled": false,
                "pageSize": 10,
                "offset": 0,
                "limit": 100,
                "filters": {
                    "items": [
                    ],
                    "op": "AND"
                },
                "orderBy": [
                    {
                        "columnName": "response_time",
                        "order": "desc"
                    }
                ]
            }
        }
    }
}

Fetching the Previous 10 logs

To fetch the previous 10 logs, you can use the offset parameter. For example, if you have already fetched the first 10 logs, set offset to 10 to retrieve the next 10 logs based on the specified key.

{
    "start": 1700734490000,
    "end": 1700738090000,
    "step": 60,
    "dataSource": "logs",
    "compositeQuery": {
        "queryType": "builder",
        "panelType": "list",
        "builderQueries": {
            "A": {
                "queryName": "A",
                "dataSource": "logs",
                "aggregateOperator": "noop",
                "expression": "A",
                "disabled": false,
                "pageSize": 10,
                "offset": 10,
                "limit": 100,
                "filters": {
                    "items": [
                    ],
                    "op": "AND"
                },
                "orderBy": [
                    {
                        "columnName": "response_time",
                        "order": "desc"
                    }
                ]
            }
        }
    }
}

Was this page helpful?