diff --git a/docs/images/logs-page.png b/docs/images/logs-page.png new file mode 100644 index 00000000..d66ceae6 Binary files /dev/null and b/docs/images/logs-page.png differ diff --git a/docs/images/logs-search-around.png b/docs/images/logs-search-around.png new file mode 100644 index 00000000..7597d725 Binary files /dev/null and b/docs/images/logs-search-around.png differ diff --git a/docs/images/logs-search-query.png b/docs/images/logs-search-query.png new file mode 100644 index 00000000..a81ec445 Binary files /dev/null and b/docs/images/logs-search-query.png differ diff --git a/docs/images/queried-results.png b/docs/images/queried-results.png new file mode 100644 index 00000000..ab56d8b2 Binary files /dev/null and b/docs/images/queried-results.png differ diff --git a/docs/images/run-query.png b/docs/images/run-query.png new file mode 100644 index 00000000..1f16721f Binary files /dev/null and b/docs/images/run-query.png differ diff --git a/docs/images/search-around-result-no-filter.png b/docs/images/search-around-result-no-filter.png new file mode 100644 index 00000000..2c20880a Binary files /dev/null and b/docs/images/search-around-result-no-filter.png differ diff --git a/docs/images/search-around-result.png b/docs/images/search-around-result.png new file mode 100644 index 00000000..4f537416 Binary files /dev/null and b/docs/images/search-around-result.png differ diff --git a/docs/images/search-around.png b/docs/images/search-around.png new file mode 100644 index 00000000..18a9d978 Binary files /dev/null and b/docs/images/search-around.png differ diff --git a/docs/images/select-stream.png b/docs/images/select-stream.png new file mode 100644 index 00000000..58522683 Binary files /dev/null and b/docs/images/select-stream.png differ diff --git a/docs/images/source-details-search-around.png b/docs/images/source-details-search-around.png new file mode 100644 index 00000000..eb0523b1 Binary files /dev/null and b/docs/images/source-details-search-around.png differ 
diff --git a/docs/images/source-details.png b/docs/images/source-details.png new file mode 100644 index 00000000..bcb92773 Binary files /dev/null and b/docs/images/source-details.png differ diff --git a/docs/images/sql-query.png b/docs/images/sql-query.png new file mode 100644 index 00000000..7240b825 Binary files /dev/null and b/docs/images/sql-query.png differ diff --git a/docs/images/time-range-selection.png b/docs/images/time-range-selection.png new file mode 100644 index 00000000..74463357 Binary files /dev/null and b/docs/images/time-range-selection.png differ diff --git a/docs/user-guide/logs/.pages b/docs/user-guide/logs/.pages index 2dee074e..353f5684 100644 --- a/docs/user-guide/logs/.pages +++ b/docs/user-guide/logs/.pages @@ -1,4 +1,6 @@ nav: - Logs Overview: index.md - Logs in OpenObserve: logs.md + - Search Around: search-around.md - Quick Mode and Interesting Fields: quickmode.md + diff --git a/docs/user-guide/logs/index.md b/docs/user-guide/logs/index.md index e7d731f5..0f524bf3 100644 --- a/docs/user-guide/logs/index.md +++ b/docs/user-guide/logs/index.md @@ -16,4 +16,5 @@ You can use the Logs page to: Learn more: -- [Logs in OpenObserve](logs.md) \ No newline at end of file +- [Logs in OpenObserve](logs.md) +- [Search Around](search-around.md) \ No newline at end of file diff --git a/docs/user-guide/logs/search-around.md b/docs/user-guide/logs/search-around.md new file mode 100644 index 00000000..76dee1c8 --- /dev/null +++ b/docs/user-guide/logs/search-around.md 
@@ -0,0 +1,43 @@ +--- +title: Search Around in OpenObserve Logs +description: Learn how to use Search Around in OpenObserve to view logs before and after a record for better debugging context. +--- +# Search Around in Logs + +This page explains how to use the Search Around feature for a selected log record. + +## Overview +The Search Around feature fetches stored log entries that are immediately before and after a selected record. The results are based only on the order in which records are stored in the storage backend, and they do not include filters from the original search query. This behavior gives you additional context for debugging and troubleshooting. + +!!! note "Who can use it" + The feature is available to all users with access to the **Logs** page. + +--- + +## How to use +1. Navigate to the **Logs** page in your OpenObserve instance. +![logs page](../../images/logs-page.png) +2. Choose the log stream that you want to query. +![select-stream](../../images/select-stream.png) +3. In the query editor, write an SQL query to fetch the desired logs. You can add filters to the query to narrow down the logs. For example, +```sql +SELECT * +FROM "default" +WHERE match_all('staging') +``` +![sql-query](../../images/sql-query.png) +This query retrieves logs where any text field contains the keyword `staging`. +4. Select the time range for the query. +![time-range-selection](../../images/time-range-selection.png) +5. Click **Run Query** to view the queried records. +![run-query](../../images/run-query.png) +6. From the results, click the target record to open the **Source Details** view. +![queried-results](../../images/queried-results.png) +7. Locate the **Search Around** option available at the bottom of this screen. +![source-details](../../images/source-details.png) +8. In the **Number of events** selector, choose how many records you want to retrieve in total, including the selected record. 
For example, when you select 10, the result set contains 10 records in total, including the selected record. The split is 5 records before the selected record and 4 records after. +9. Click **Search Around**. +![search-around-result](../../images/search-around-result.png) +The search around results are shown without applying the filters from your original query. The record highlighted in the following image does not contain the keyword staging, even though the query used `match_all('staging')`. +![search-around-result-no-filter](../../images/search-around-result-no-filter.png) +
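Review bot: In docs/user-guide/logs/.pages, the hunk ends with an added empty line after the `Quick Mode and Interesting Fields: quickmode.md` entry. Drop that trailing blank `+` line so the change to the nav file is limited to the new `Search Around: search-around.md` entry.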
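Review bot: In docs/user-guide/logs/index.md, the new last line `- [Search Around](search-around.md)` still carries `\ No newline at end of file`. The line is being added in this patch anyway, so end the file with a newline; otherwise the next link appended here will again show up as a remove-and-add of the previous line.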
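Review bot: In docs/user-guide/logs/search-around.md, the Overview and the text after step 9 say the filters from the original query are not applied, but the page never says whether the time range chosen in step 4 still bounds the results or whether they stay within the stream chosen in step 2. Please state both explicitly, because the note says the feature is available to all users with access to the Logs page, and a reader who relies on a WHERE clause such as `match_all('staging')` to narrow what is shown needs to know exactly which records Search Around can surface. Two smaller points in the same hunk: the image lines and the sql code fence under steps 1 to 9 start at column 0 rather than being indented under their list items, so indent them (four spaces) to keep them inside the numbered list; and the closing paragraph writes the keyword staging without backticks while step 3 uses `staging`.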