Overview
This article explains why a search query fails when attempting to find information within the details object in tenant logs. For example, a query such as the one below does not return the expected results.
details.authenticator.phone_number:"<phone number>"
Applies To
- Log search
Cause
Tenant log searches only support specific, documented fields. The details object contains fields that are not indexed for searching and therefore cannot be queried directly.
Solution
To search tenant logs, use one of the following methods:
- Ensure search queries only use the searchable fields listed in the Log Search Query Syntax documentation.
- For regular or complex searches on fields that are not indexed, use Log Streams to send logs to an external log aggregation service. Once the logs are in the aggregation service, searches can be performed without field restrictions.