Using AND when searching logs

I am trying to use the api/v2/logs endpoint to get a set of log entries. When I invoke https://[domain]/api/v2/logs?q=type:sepft, I can filter the results so that only events with the type “sepft” (successful exchange of password for token) show up in the search.

But now I want to also filter by date. And when I try “https://[domain]/api/v2/logs?q=type:sepft AND date:[* TO 2021-04-08]” it is considered a bad request with the error message “The query ‘type:sepft AND date:[* TO 2021-04-08]’ cannot be parsed.”

The documentation (Log Search Query Syntax) says that AND, OR, and NOT operators are supported, but does not give any examples of their use.

What is the proper way to use AND when searching the logs?

Thank you.

Hi @aferrer

Thanks for reporting this. The issue doesn’t seem to be with the AND identifier since I can successfully get logs for:

https://[domain]/api/v2/logs?q=type:sepft AND date:[2021-04-01 TO 2021-04-08]

The failed parsing error appears only when you use the wildcard in the min range of the date, such as [* TO 2021-04-08]. I’ve reported this to the engineering team, but in the meantime, you can just set a min date as anywhere before your log retention date.

2 Likes
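The workaround from the reply above, as an added example that is not part of the original thread: a small Python helper that always emits an explicit lower bound for the `date` range instead of `*`, and percent-encodes the query so the spaces and brackets survive in the URL. The host `tenant.example.com`, the function names and the 30-day `retention_days` default are assumptions; substitute your own tenant domain and retention period.

```python
from datetime import date, timedelta
from urllib.parse import quote, urlencode


def bounded_query(event_type, end, start=None, retention_days=30):
    """Return a 'type:X AND date:[A TO B]' query with no wildcard bound.

    retention_days is an assumed value for the tenant's log retention;
    when no start is given, the lower bound is placed one day before it.
    """
    if not event_type.isalnum():
        # Event type codes such as "sepft" are plain tokens; refuse anything
        # that could smuggle extra operators into the query.
        raise ValueError("event_type must be alphanumeric")
    if start is None:
        start = end - timedelta(days=retention_days + 1)
    if start > end:
        raise ValueError("start must not be after end")
    return f"type:{event_type} AND date:[{start.isoformat()} TO {end.isoformat()}]"


def build_log_search_url(domain, event_type, end, start=None, retention_days=30):
    """Build the /api/v2/logs search URL with the q parameter percent-encoded."""
    q = bounded_query(event_type, end, start, retention_days)
    # quote_via=quote encodes spaces as %20 (not '+') and escapes ':' '[' ']'.
    return f"https://{domain}/api/v2/logs?" + urlencode({"q": q}, quote_via=quote)


if __name__ == "__main__":
    # Constructed sample values matching the dates used in the thread.
    print(build_log_search_url("tenant.example.com", "sepft", date(2021, 4, 8)))
    print(build_log_search_url("tenant.example.com", "sepft",
                               date(2021, 4, 8), start=date(2021, 4, 1)))
```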

Thanks, that was really helpful. I’ll avoid using the wildcards in the date for now.
