Documentation

Support

Cloud Code

Use modules

Use scripts

Use Triggers

Open Unity Dashboard

Cloud Code

Filter logs

Query and filter your structured logs using a custom query language with operators and boolean expressions.
Read time 2 minutesLast updated 18 hours ago
The Logging service supports a custom query language that allows you to easily filter your structured logs. This section walks you through the syntax and usage of the query language, and provides some examples to help you get started.

Basic syntax and operators

A filter query consists of one or more conditions. The basic syntax of a condition consists of the following components:

Component

Condition

FieldThe field you want to filter on, such as 
severityText
, 
body
, or 
logAttributes
.
OperatorOne of the supported operators. Refer to the table of operators below.
ValueThe value you want to compare the field against.
Refer to the table below for a list of supported operators.

Operator

Meaning

=
equals
!=
not equals
~=
contains (only available on 
body
)
!~=
does not contain (only available on 
body
)
\>
greater than
<
less than
<=
less than or equal to
\>=
greater than or equal to

Boolean expressions and grouping

You can create complex filter queries using boolean expressions and grouping with parentheses. This allows you to combine multiple conditions to create precise filters.

Boolean expression

Meaning

AND
or 
&&
Require both conditions on either side to be true.
OR
or 
||
Require at least one of the conditions on either side to be true.
GroupingUse parentheses ( and ) to group expressions and control the order of evaluation.
Line feeds are also interpreted as boolean 
AND
s to simplify query writing. This means that you can write one condition per line when you want them all to be matched.

Examples of filter queries

Select all logs with a certain severity level: 
severityText = "ERROR"
Select all logs from Cloud Code that are above a certain severity level (newlines are treated as AND): 
resourceAttributes.service.name = "cloud-code"severityNumber >= 12
Exclude logs with a particular word in the message: 
body !~= "healthcheck"
Combine multiple conditions and groupings (using severity alias): 
(logAttributes.event.name = "example-event" AND body ~= "timeout") OR (logAttributes.custom.counter > 9000 AND severity = "WARN")

Notes

The following notes apply to the filter query language:
  • The 
    severityText
    field is also aliased as 
    severity
    for convenience
  • Fuzzy match operators (~= and !~=) are only supported for the 
    body
    field
  • The 
    logAttributes
    keys are case-sensitive
  • The 
    logAttributes
    values are automatically converted to string