Querying logs from the UI with wildcards

I’m trying to filter for log messages with a type such as “Success Silent Auth”. If I read the documentation correctly, then a query such as this should succeed:

type:*Silent*

However, you guessed it, this query does not return any data. Neither does this:

type:*silent*

Or these:

type:Su*
type:su*
type:S*

But, the example from the documentation does succeed:

type:s*

Hopefully, someone can help me figure out what I’m missing. :pray:

Hi @clambert,

Welcome to the Community!

The query syntax used is called Lucene Query Syntax, which you can read about here: Lucene Query Syntax - Lucene Tutorial.com

When you search by type, it actually searches by the event type code instead of the event type label. If you take a look at the raw JSON in one of the logs, you can find the type code of the log type. For “Success Silent Auth” the type code is ssa:

The search type:ssa will pull up all the successful silent auth logs available to your tenant.

Here is a list of all log type codes: Log Event Type Codes

1 Like
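The behaviour described in the answer above, as an added example that is not part of the original posts: a small model of a `type:` search matching the event type code rather than the label, plus a helper that turns a label wildcard into a query on codes. Only `ssa` comes from the thread; the other codes and labels are assumed from the Log Event Type Codes list, the records are constructed, and case-sensitive matching is an assumption consistent with the results reported in the question.

```python
from fnmatch import fnmatchcase

# Code -> label pairs. "ssa" comes from the thread; the rest are assumed from
# the Log Event Type Codes list and should be checked against it.
TYPE_LABELS = {
    "s": "Success Login",
    "f": "Failed Login",
    "ssa": "Success Silent Auth",
    "fsa": "Failed Silent Auth",
    "slo": "Success Logout",
}

# Constructed sample records, trimmed to the one field the search matches.
SAMPLE_LOGS = [
    {"log_id": "constructed-1", "type": "s"},
    {"log_id": "constructed-2", "type": "ssa"},
    {"log_id": "constructed-3", "type": "fsa"},
    {"log_id": "constructed-4", "type": "slo"},
]


def search_type(pattern, logs=SAMPLE_LOGS):
    """Model `type:<pattern>`: a case-sensitive wildcard match on the code."""
    return [rec["log_id"] for rec in logs if fnmatchcase(rec["type"], pattern)]


def codes_for_label(label_pattern):
    """Find the type codes whose label matches a wildcard, ignoring case."""
    wanted = label_pattern.lower()
    return sorted(code for code, label in TYPE_LABELS.items()
                  if fnmatchcase(label.lower(), wanted))


def build_type_query(label_pattern):
    """Turn a label wildcard into a query on type codes."""
    codes = codes_for_label(label_pattern)
    if not codes:
        raise ValueError(f"no known type code matches label {label_pattern!r}")
    return " OR ".join(f"type:{code}" for code in codes)


if __name__ == "__main__":
    # The queries tried in the question, run against the constructed records.
    for q in ("*Silent*", "Su*", "S*", "s*", "ssa"):
        print(f"type:{q:<9} -> {search_type(q)}")
    print(build_type_query("*Silent*"))
```
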

Ah ha, thank you! I appreciate the quick response.

1 Like
