This repository has been archived by the owner on Mar 4, 2024. It is now read-only.

Allow support for null leql filter #27

Closed
convenient opened this issue Nov 3, 2016 · 4 comments

@convenient

convenient commented Nov 3, 2016

Use case:

For a group I want to be able to view all log files produced in the last 5 minutes.

What I expect to work:

lecli query --loggroup super_group -r 'last 5 mins'

What happens:

Progress  [------------------------------------]    0%
Request Error: 400 Client Error: Bad Request for url: https://rest.logentries.com/query/logs/

How I get around it:

lecli query --loggroup super_group --leql 'where(/(.*?)/)' -r 'last 5 mins'

Is there a feature for this already? Or can we possibly bake in this leql "match anything" regex so that it is used when no --leql is defined?

@jfitzpatrick-r7

Hi,

You can use the recentevents command to get all events for the last x time period. For example:
lecli recentevents -g myloggroup -l 300
where 300 specifies the last 300 seconds

@convenient
Author

Okay so that solves the "last 5 minute" scenario nicely. But I have a further use case I'm struggling with (I'm aware the problem may be with me the user, and not your tool!)

Use case

Show all logs for a group in a time period

What I expect to work

lecli query --loggroup super_group --datefrom '2016-10-01 11:04:00' --dateto '2016-11-01 11:09:59'

What happens

Example usage: lecli query 12345678-aaaa-bbbb-1234-1234cb123456 -q 'where(method=GET) calculate(count)' -f 1465370400 -t 1465370500
Example usage: lecli query 12345678-aaaa-bbbb-1234-1234cb123456 -q 'where(method=GET) calculate(count)'  --datefrom '2016-05-18 11:04:00' --dateto '2016-05-18 11:09:59'
Example usage: lecli query --loggroup myloggroup --leql 'where(method=GET) calculate(count)' --datefrom '2016-05-18 11:04:00' --dateto '2016-05-18 11:09:59'
Example usage: lecli query --lognick mynicknamedlog --leql 'where(method=GET) calculate(count)' --datefrom '2016-05-18 11:04:00' --dateto '2016-05-18 11:09:59'
Example usage: lecli query --lognick mynicknamedlog --leql 'where(method=GET) calculate(count)' -r 'last 3 days'

How I get around it

lecli query --loggroup super_group --leql 'where(/(.*?)/)' --datefrom '2016-10-01 11:04:00' --dateto '2016-11-01 11:09:59'

@jfitzpatrick-r7

Hi Luke,

The events command should provide what you need.

Example usage:
lecli events --loggroup myloggroup --datefrom '2016-05-18 11:04:00' --dateto '2016-05-18 11:09:59'

@convenient
Author

I'm going to file this error as PEBCAK and close it off ;)
