Filter logs

The Logging service supports a custom query language that allows you to easily filter your structured logs. This section walks you through the syntax and usage of the query language, and provides some examples to help you get started.

Basic syntax and operators

A filter query consists of one or more conditions. The basic syntax of a condition consists of the following components:

ComponentCondition
FieldThe field you want to filter on, such as severityText, body, or logAttributes.
OperatorOne of the supported operators. Refer to the table of operators below.
ValueThe value you want to compare the field against.

Refer to the table below for a list of supported operators.

OperatorMeaning
=equals
!=not equals
~=contains (only available on body)
!~=does not contain (only available on body)
\>greater than
<less than
<=less than or equal to
\>=greater than or equal to

Boolean expressions and grouping

You can create complex filter queries using boolean expressions and grouping with parentheses. This allows you to combine multiple conditions to create precise filters.

Boolean expressionMeaning
AND or &&Require both conditions on either side to be true.
OR or ||Require at least one of the conditions on either side to be true.
GroupingUse parentheses ( and ) to group expressions and control the order of evaluation.

Line feeds are also interpreted as boolean ANDs to simplify query writing. This means that you can write one condition per line when you want them all to be matched.

Examples of filter queries

Select all logs with a certain severity level:

severityText = "ERROR"

Select all logs from Cloud Code that are above a certain severity level (newlines are treated as AND):

resourceAttributes.service.name = "cloud-code"
severityNumber >= 12

Exclude logs with a particular word in the message:

body !~= "healthcheck"

Combine multiple conditions and groupings (using severity alias):

(logAttributes.event.name = "example-event" AND body ~= "timeout") OR (logAttributes.custom.counter > 9000 AND severity = "WARN")

Notes

The following notes apply to the filter query language:

  • The severityText field is also aliased as severity for convenience
  • Fuzzy match operators (~= and !~=) are only supported for the body field
  • The logAttributes keys are case-sensitive
  • The logAttributes values are automatically converted to string
Unity logo Documentation
Copyright © 2024 Unity Technologies
"Unity", Unity logos, and other Unity trademarks are trademarks or registered trademarks of Unity Technologies or its affiliates in the U.S. and elsewhere (more info here). Other names or brands are trademarks of their respective owners.