Log Search
The Search page in Bronto provides you with a powerful log explorer that allows you to quickly scan through millions of events to find the ones you need, and allows you to gain valuable insights through numerical queries.
You can refine your search results and filter out irrelevant events by using a simple syntax in the search bar, or you can use our powerful query language for total control and to perform sophisticated queries.
Overview
To start searching logs, click on the "Logs" item in the application sidebar.
-
Select the logs you wish to search from the log selector on the left side of the page. One or more logs maybe selected.
-
Select the time range to execute your search on.
-
Enter a search query in the search bar to filter results, or leave it empty to return all log events. Learn more about our Query Language here.
Search Results
Timeline
A time series showing where the results fall across the search time range is displayed immediately below the search bar.
Using your cursor, it is possible to refine the search time range by clicking and dragging the timeline.
Event results
The log entries returned by the search are displayed in tabular format below the summary. The table has a column for each field that was configured in the fields textbox, by default all fields are shown.
Clicking on any row in the table opens a sliding panel which displays various tabs related to the event which include Event Attributes, Resource Attributes and the Raw Event. From this pane you can can use keyboard arrows to view previous/next event.
Time series results
The time series views allow you to compute statistical functions over a specified time range, enabling deeper insights into your event data by visualizing trends and patterns.
The following functions are supported:
| Function | Description |
|---|---|
| Count | The total number of events within the specified time range. |
| Average | The average value of a specified numeric attribute in your events. |
| Min | The minimum value of a specified numeric attribute in your events. |
| Max | The maximum value of a specified numeric attribute in your events. |
| Sum | The total sum of a specified numeric attribute your events. |
| Median | The median value of a specified numeric attribute in your events. |
Additionally, the time series results supports grouping data by multiple dimensions (up to 5).
Group-by results are exact for up to 1000 unique groups. For example, if you group by user and action, the combination of alice, login and alice, logout counts as two distinct groups. When there are more than 1000 unique groups, an approximation is used, returning the most frequent groups.
