Logs Query
The logs query repository retrieves gateway log entries from Elasticsearch. It supports filtering by asset, time range, and free-text search with highlighted results.
Query Capabilities
| Feature | Details |
|---|---|
| Index pattern | logs-gateway-* |
| Asset filtering | Matches on labels.AssetName or labels.AssetId |
| Time range | Filters on @timestamp (inclusive start, exclusive end) |
| Free-text search | Query string search on the message field with wildcard support |
| Highlighting | Matching terms wrapped in <mark> tags |
| Sort order | Most recent first (@timestamp descending) |
| Result limit | 1,000 documents |
Asset Filtering
The query matches on both labels.AssetName and labels.AssetId using an OR condition. This means you can search by either the human-readable name or the internal identifier - useful when asset names have been changed but the ID remains the same.
Free-Text Search
When a search query is provided, it runs as a QueryStringQuery against the message field. Leading wildcards are supported, so searching for *timeout will match log messages ending with "timeout".
Matching terms in results are highlighted with <mark> tags for display in the UI.
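The query described in the sections above, written out as an Elasticsearch request body. This is an added example, not the repository's own code: `build_logs_query`, the `term` clauses (which assume keyword-mapped label fields), the sample values, and the `encoder` setting are assumptions.

```python
from datetime import datetime, timezone

INDEX_PATTERN = "logs-gateway-*"
RESULT_LIMIT = 1000

# Constructed sample window, for illustration only.
SAMPLE_START = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_END = datetime(2024, 1, 2, tzinfo=timezone.utc)


def build_logs_query(asset, start, end, search=None):
    """Build the search body for one asset and time window (hypothetical helper)."""
    asset_filter = {"bool": {
        # OR condition: either the name or the ID may match.
        "should": [
            {"term": {"labels.AssetName": asset}},  # assumes keyword mapping
            {"term": {"labels.AssetId": asset}},
        ],
        "minimum_should_match": 1,
    }}
    # gte = inclusive start, lt = exclusive end.
    time_filter = {"range": {"@timestamp": {
        "gte": start.isoformat(), "lt": end.isoformat()}}}
    body = {
        "size": RESULT_LIMIT,
        "sort": [{"@timestamp": {"order": "desc"}}],
        "query": {"bool": {"filter": [asset_filter, time_filter]}},
    }
    if search:
        body["query"]["bool"]["must"] = [{"query_string": {
            "query": search,
            "default_field": "message",
            "allow_leading_wildcard": True,
        }}]
        body["highlight"] = {
            "pre_tags": ["<mark>"],
            "post_tags": ["</mark>"],
            # Assumption, not stated on the page: log text is untrusted, so
            # HTML-escape fragments and leave <mark> as the only markup.
            "encoder": "html",
            "fields": {"message": {}},
        }
    return body


if __name__ == "__main__":
    import json
    body = build_logs_query("gw-01", SAMPLE_START, SAMPLE_END, "*timeout")
    print(INDEX_PATTERN, json.dumps(body, indent=2))
```

With `encoder` set to `html`, Elasticsearch escapes the highlighted fragment before inserting the `<mark>` tags, so markup embedded in a log message is not rendered by the UI.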
Related Documentation
- Metrics Sink - writing telemetry data to Elasticsearch
- Index Migrator - Elasticsearch infrastructure setup