I’m trying to filter for log messages with a type such as “Success Silent Auth”. If I read the documentation correctly, then a query such as this should succeed:
type:*Silent*
However, you guessed it, this query does not return any data. Neither does this:
type:*silent*
Or these:
type:Su*
type:su*
type:S*
But, the example from the documentation does succeed:
type:s*
Hopefully, someone can help me figure out what I’m missing. 
Hi @clambert,
Welcome to the Community!
The query syntax used is called Lucene Query Syntax which you can read about here: Lucene Query Syntax - Lucene Tutorial.com
When you search by type, it actually searches by the event type code instead of the event type label. If you take a look at the raw JSON in one of the logs, you can find the type code of the log type. For “Success Silent Auth” the type code is ssa:
The search type:ssa will pull up all the successful silent auth logs available to your tenant.
Here is a list of all log type codes: https://auth0.com/docs/logs/log-event-type-codes
Ah ha, thank you! I appreciate the quick response.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
