Querying Logs in NewRelic One

Hi,

You can query the logs in the NewRelic once you have the NewRelic Agent installed on the Machine/Server where your project is being hosted. The NewRelic agent will send all the data to the NewRelic cloud where you can log in to check the logs.

As per the NewRelic Docs, it uses Lucene as the query language. It sounds as simple as using SQL for querying the data.

Rules for Querying using Lucene in NewRelic:

1. The attributes are Case Sensitive, hence one must be careful while using them. This would mean that suppose you want to query a log where ‘level’ of the log is ‘info’, then you must use wherelevel:info, and not LEVEL:info. The item on the left of ‘:’ is an attribute.
2. If a term is containing special characters, one or more of the following:  +, -, &, |, !, (, ), {, }, [, ], ^, ", ~, *, ?, :, /, or \, double-quote the term and escape the special characters using a backslash (\).
3. To run an wild card search, use asterisk(*). For example the term an*on starts with ‘an’ and ends with ‘on’ and there can be zero or many characters in between.

Operators for Querying NewRelic Logs:

1. Search for logs containing one or more keywords. Example a query with “order” “transferred" will look for both of these keywords in the logs, and it doesn’t matter if these two keywords are together or far apart from each other. Also, the log will show up even if one of them is present.
2. If you want to match an exact phrase, use double quotes around the phrase. For example, “duplicate id not allowed” is a single phrase and if used in a query it will look for this whole phrase and not the single words within it.
3. For using and Either/or operator use OR. For example “new” OR “Relic” will look for either of the two or both keywords present in the log.
4. For using And operator, user AND. For example “new” AND “Relic” will look for both of the keywords “new” and “Relic” to be present in the log, if either of them is not present, it will not show that log.
5. Negation operator ‘-‘ is used to look for the logs those not containing a specific keyword or phrase. For example -new will look for the log that do not have the keyword “new” in it. For phrases, use double quotes like -“new Relic”.