Queries in Log Insight can retrieve and summarize events.

You can create and save queries from the Interactive Analysis page. A query consists of one or more of the following:

Keywords. Complete, or full-text, alphanumeric, hyphen, and/or underscore matches.

Globs. Complete, or full-text, alphanumeric, hyphen, and/or underscore matches.

Regular expressions. Sophisticated string pattern matching based on Java regular expressions.

Field operations. Keyword, regular expression, and pattern matches applied to extracted fields.

Aggregations. Functions that are applied to one or more subgroups of the results.

Log Insight supports the following types of queries:

Message. A query made up of keywords, regular expressions and/or field operations.

Regular expression or field. A query made up of keywords and/or regular expressions.

Aggregation. A query made up of a function, one or more groupings, and any number of fields.

You can define custom alerts in Log Insight and trigger them from scheduled queries of any type.