Use our Logs UI at one.newrelic.com to quickly search through your log data in seconds. Each log lists available attributes in the log_summary column. To drill down into additional details, click any highlighted attribute.
Using Logs, you can search through your log data by entering either simple keywords, such as relic, or phrases such as "new relic agent", directly into the search field.
Plain terms are a "contains" search for the message attribute of your logs. For instance, "new relic agent" is equivalent to the more verbose message: "*New Relic Agent*".
To search other attributes, prefix the attribute to your terms, such as source: "*new relic agent*". See General operators below for more details.
You can also combine keywords or phrases with operators to form more complex queries.
Log queries in New Relic are based on the Lucene query language, and any Lucene function listed in this document is supported. (If a Lucene function is not listed, we do not support it.) For some helpful examples, check out this Lucene tutorial.
General query rules:
Log query rules
The query syntax is case sensitive for attribute values. Attribute names are always case sensitive.
Exception: Wildcard searches are case insensitive for attribute values.
When a term contains whitespace characters such as the space or tab character, the term will need to be double-quoted.
Example: To query for a
Note: to query for a
When a term contains special characters, double-quote the term and escape the special characters using a backslash (
Example: To query for a
You can run wildcard searches using an asterisk (
Example: to query for a
If your term contains spaces or other metacharacters (see above), you'll need to quote the wildcarded term.
Example, to query for a
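The matching rules above, modelled locally in Python as an added example (it is not New Relic code and not part of the original page). The sample records and the attribute names source and user are constructed for illustration; the model covers only single-term queries, plain "contains" terms, attribute prefixes, the asterisk wildcard and the case-sensitivity rules.

```python
import re

# Constructed sample records; attribute names and values are illustrative only.
LOGS = [
    {"message": "New Relic Agent started", "source": "infra", "user": "Admin"},
    {"message": "new relic agent stopped", "source": "Infra", "user": "admin"},
    {"message": "login failed", "source": "auth", "user": "ADMIN"},
]

def parse(query):
    """Return (attribute, pattern) for a single term or attribute:term query."""
    query = query.strip()
    attr, sep, value = query.partition(":")
    if query.startswith('"') or not sep:
        # Plain keyword or phrase: a "contains" search on the message attribute.
        return "message", "*" + query.strip('"') + "*"
    return attr.strip(), value.strip().strip('"')

def matches(record, query):
    attr, pattern = parse(query)
    if attr not in record:            # attribute names are always case sensitive
        return False
    value = record[attr]
    if "*" in pattern:                # wildcard searches ignore case in values
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None
    return value == pattern           # non-wildcard value match is case sensitive

def search(query, logs=LOGS):
    """Return the indexes of the sample records that the query matches."""
    return [i for i, record in enumerate(logs) if matches(record, query)]

if __name__ == "__main__":
    for q in ['"new relic agent"', 'message: "*New Relic Agent*"',
              "user:admin", "user:adm*", "User:admin"]:
        print(f"{q!r:32} -> {search(q)}")
```

When a saved search or alert condition filters on a value whose casing varies between sources, the exact form user:admin matches only one of the three sample records, while the wildcard form user:adm* matches all three.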
Search with text
To return more specific query results, use text searches to join together keywords or phrases.
The Logs query syntax accepts the following text operators:
Text operator example
Search for log results containing keywords entered separately:
Exact matching (phrase)
Search for log results containing the specific phrase entered:
Either / Or
Search for log results containing either or both of the keywords entered:
Search for log results containing both of the keywords entered:
* Wildcard (zero or more)
Search for log results containing both of the keywords entered, with zero or more characters between them:
Search for log results that do not contain the specific keyword entered:
Search for log results that do not contain the specific phrase entered.
Search with attributes
Use attribute searches to narrow the query results to a specific attribute or field.
The following operators can be used by all types of attributes:
General operator example
Search for log results where the attribute equals the keyword specified. Example: The field
Does not equal
Search for log results where the attribute does not equal the keyword specified. Example: The field
Search for log results where the attribute contains the specified keyword. Example: The field
Does not contain
Search for log results where the attribute does not contain the specified keyword. Example: The field
Search for log results where the attribute starts with the specified keyword. Example: The field
Search for log results where the attribute ends with the specified keyword. Example: The field
Search for log results that have the specified field. Example: Has the field
Search for log results that are missing the specified field. Example: Missing the field
The following operators can only be used by numeric attributes:
Numeric operator example
Search for log results with attribute matches that are greater than the given parameter. Example: The field
Greater than or equal to
Search for log results with attribute matches that are greater than or equal to the given parameter. Example: The field
Search for log results with attribute matches that are less than the given parameter. Example: The field
Less than or equal to
Search for log results with attribute matches that are less than or equal to the given parameter. Example: The field
Logs query examples
Example: Query Apache logs
About Apache logs
If you have Apache logs, we recommend using our built-in parsing rules for Apache logs to parse the logs into attributes. To use the built-in parsing, simply add the logtype: apache attribute to your logging.yml configuration on the hosts for your Apache logs.
Here are some examples of querying Apache logs:
Example: Query Amazon CloudFront CDN logs
About CDN logs
If you have Amazon CloudFront logs, learn how to Forward Amazon CloudFront access logs to New Relic. We offer built-in parsing rules that can be used to automatically parse your Amazon CloudFront standard or real-time access logs. We also have an Amazon CloudFront access logs quickstart dashboard you can install that gives you immediate insight into your Amazon CloudFront CDN access logs!
Here are some examples of querying Amazon CloudFront CDN access logs:
Create a dashboard from a logs query
From the integrated query builder in the Logs or Query builder UI, you can also easily add your query to a dashboard by selecting View query in the ellipsis menu at the top right of the logs timeseries graph. This will open an integrated Query builder at the bottom of the Logs UI with your Lucene query converted to a NRQL TIMESERIES query. You can modify the NRQL query here, or open it in the full Query builder UI to modify it.
For example, you may want to search Apache logs for 503 response codes, convert the search to a NRQL query with FACET, view it as a pie chart, and add that chart to a dashboard. Here's how:
In Logs UI, search for all Apache logs with 503 response codes:
In the ellipsis menu, select View query to open the integrated Query builder in Logs UI with the search converted to NRQL.
Enter return to run the NRQL query in the integrated Query builder.
Click the Open in query builder button in the bottom right of the screen.
Replace the SINCE <timestamp> UNTIL <timestamp> TIMESERIES MAX part of the query with FACET verb and click Run.
You should now see a table with all the 503 response codes grouped by method (verb).
Change the Chart type to Pie.
Click Add to Dashboard in the bottom right corner.
For the widget title, enter "Apache 503 errors by Method".
Add it to an existing dashboard or click Or create a new dashboard.