Search Your Log Data

The Search page serves as the central hub of Graylog, where you can execute searches (queries) and visualize the results using a wide range of widgets. Any search can be saved or exported as a dashboard, allowing for easy reuse of specific search configurations. Dashboards offer the flexibility of widget-specific search queries and can be shared with others to enhance their workflows.

To further enhance the workflow, you can incorporate parameters into search queries. You can also view the total number of search results returned for any search query from the information icon (i) found in the top left corner of the Search page. This information is also available for Dashboards.

Ready to level up your Graylog search skills? The free Search Fundamentals course from Graylog Academy teaches you how to craft effective queries and get the most from your data. Perfect for new users or anyone looking to search smarter!

Select Search Undo/Redo

You may go one step back or forward in search or dashboard views using the search undo/redo feature. The undo/redo button can be found in the left sidebar of your search page.

Hint: Please note that although saved changes can be undone or redone, saved actions cannot be reverted. Undoing or redoing causes a change of view only.

If you decide to resize a widget or rearrange a dashboard but are not happy with the outcome, you can revert to the previous state with the undo/redo button. You can experiment with various views without affecting the current dashboard.

Scroll Time Range

After you complete a query, you can use the Show next or Show previous arrows to move the time range. This function allows you to easily view data just outside the defined time range, which can be useful if data you expected didn't appear in the original results or if you want to view how the data trended before or after the targeted query.

The Show next and Show previous buttons are found on either side of the displayed time interval, as shown in the screenshot below. Note that regardless of the method you used to define the time interval, when you select one of these buttons, the displayed time interval switches to show a date/time string, although the interval remains the same.

Arrows beside time range allow scrolling through results data

When you select one of these arrows, the results scroll forward or backward based on the defined time interval. For example, if the defined time range is 5 minutes, clicking the Show next arrow displays the next 5 minutes of data matching the query. Likewise, if the defined range were 2 hours, clicking Show previous would display the 2 hours of matching data before the current results.

For information on how you set the original time range, see Time Frame Selector.

Use Keyboard Shortcuts for Search

Graylog provides the following shortcuts to navigate the search page without using your mouse.

| Action | Shortcut |
| --- | --- |
| Show available keyboard shortcuts | ? |
| Undo last action | Ctrl + shift + z |
| Redo last action | Ctrl + shift + y |
| Save search | Ctrl + s |
| Save search as | Ctrl + shift + s |
| Show scratchpad | Ctrl + / |

Hint: Holding shift + ? in the Graylog UI brings up a dialog box that lists available shortcuts for that page. The dialog box will only contain available shortcuts for the page you are on.