Using AND when searching logs

aferrer · April 8, 2021, 1:09am

I am trying to use the api/v2/logs endpoint to get a set of log entries. When I invoke https://[domain]/api/v2/logs?q=type:sepft, I can filter the results so that only events with the type “sepft” (successful exchange of password for token) show up in the search.

But now I want to also filter by date. And when I try “https://[domain]/api/v2/logs?q=type:sepft AND date:[* TO 2021-04-08]” it is considered a bad request with the error message “The query ‘type:sepft AND date:[* TO 2021-04-08]’ cannot be parsed.”

The documentation (https://auth0.com/docs/logs/log-search-query-syntax) says that AND, OR, and NOT operators are supported, but does not give any examples of their use.

What is the proper way to use AND when searching the logs?

Thank you.

ricardo.batista · April 8, 2021, 6:50am

Hi @aferrer

Thanks for reporting this. The issue doesn’t seem to be with the AND identifier since I can successfully get logs for:

https://[domain]/api/v2/logs?q=type:sepft AND date:[2021-04-01 TO 2021-04-08]

The failed parsing error appears only when you use the wildcard in the min range of the date, such as [* TO 2021-04-08]. I’ve reported this to the engineering team, but in the meantime, you can just set a min date as anywhere before your log retention date.

aferrer · April 8, 2021, 1:46pm

Thanks, that was really helpful. I’ll avoid using the wildcards in the date for now.

system · April 23, 2021, 1:47pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.