
Search logs by keywords or fields

To search your logs for particular keywords, field names, or field values, follow these steps:

  1. In the content control bar next to the time picker, begin a new query by clicking Add Filter.

  2. To search on a keyword, click the Keyword tab, type the keyword or phrase you want to search on, then press Enter. If you want to search on a field, click the Fields tab, enter the field name, then press Enter.

  3. To continue adding keywords or fields to the search, click Add Filter.

The Timeline and Logs table now display only the log events that contain the keywords you entered. You can continue to add keywords without limit.

Discover keywords by grouping log records

If you can’t think of keywords to use, group log records using aggregations with statistical analysis. Based on the analysis, identify frequently repeated words or phrases, which you can then use as keywords. To learn more, see Group logs by fields using log aggregation.