Era Software

Exploring data in EraSearch's UI

Estimated reading time: 4 minutes
  • guide
  • eracloud

EraSearch's UI helps you view, explore, and query your log data. On this page, you'll learn how to:

  • Access the UI
  • View and explore data based on time and other filters
  • Search data using basic query syntax

This content is intended for engineers and developers using EraSearch on EraCloud. If you haven't already, get started with an EraCloud account and learn the basics.

Before you begin

The examples on this page use the sample data below. If you'd like to follow along, feel free to write the data to your database.

{"index":{"_index":"customers"}}
{"customer.firstname":"lian","dog.name":"spot","_line":"account pending","treats":3,"_ts":1635037200000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lilly","cat.name":"whiskers","_line":"account verified","treats":2,"_ts":1635040800000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lele","dog.name":"chewy","_line":"account verified","treats":5,"_ts":1635044400000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lillie","dog.name":"tofu","_line":"account pending","treats":6,"_ts":1635048000000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lily","dog.name":"mabel","_line":"account verified","treats":1,"_ts":1635051600000}
{"index":{"_index":"customers"}}
{"customer.firstname":"linus","dog.name":"wolfie","_line":"account pending","treats":2,"_ts":1635058800000}
{"index":{"_index":"customers"}}
{"customer.firstname":"liz","dog.name":"floof","_line":"account verified","treats":8,"_ts":1635058800000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lilly","dog.name":"olaf","_line":"account verified","treats":4,"_ts":1635058800000}

Access EraSearch's UI

To access the UI, sign in to your EraCloud account and click Search. By default, the UI displays all data written in the past 15 minutes.

Select time ranges

Use the UI to explore data within specific time ranges. For example, you can view data from the past five minutes, the past month, or between specific dates.

Follow these steps to view the sample data from October 24, 2021:

  1. In the UI, make sure customers is selected under Index
  2. Click Past 15 min (UTC) and enter the following dates in the FROM and TO inputs:
    • 2021-10-24 00:00:00
    • 2021-10-24 08:00:00

EraSearch returns eight documents organized by time.

A document is a JSON object made up of data. In EraSearch, all documents have a unique identifier (_id) and a timestamp (_ts). Most documents include additional fields. Here's an example of a document:

{"_id":4248176661010579457,"_line":"access","response":200,"_ts":1634060854000}

Generate queries

If you're exploring your data or learning the syntax, the UI can generate queries for you. To generate queries, select the different indexes and field values in the UI.

An index is a group of similar documents. With EraSearch, you can query documents in one or more indexes to optimize your searches.

A field is data stored as a key and value pair.

Follow the steps below to see an example of a generated query. The query searches for data where customer.firstname is lilly and cat.name isn't whiskers:

  1. Make sure customers is selected under Index
  2. Under customer.firstname, click lilly > Show matching
  3. Under cat.name, click whiskers > Hide matching
  4. View the generated query in the search box and the one returned document

You can click the returned document to get more information about the data. To reset the UI, delete the query from the search box and press Enter.

Enter custom queries

EraSearch supports most of Elasticsearch's query string syntax. Use the same syntax to enter custom queries in the UI, and explore data based on keywords, ranges, booleans, and wildcards.

Here's an example of a custom query on the sample data:

customer.firstname:l?l* AND _line:verified AND _exists_:dog.name AND treats: > 1

When you enter it in the UI, the query returns these documents:

{"customer.firstname":"lilly","dog.name":"olaf","_line":"account verified","treats":4,"_ts":1635058800000}
{"customer.firstname":"lele","dog.name":"chewy","_line":"account verified","treats":5,"_ts":1635044400000}

The sections below break down that example into subqueries and highlight query syntax essentials.

Querying with wildcards

customer.firstname:l?l*

This subquery uses wildcards, where ? indicates one character and * indicates zero or more characters. When you run the subquery on the sample data, it captures these variations of lilly in the customer.firstname field: lilly, lily, lillie, and lele.

Querying keywords

_line:verified

This subquery searches for keywords in the data. When you run the subquery on the sample data, it returns five documents where _line contains verified.

Note that the subquery uses verified instead of account verified. That substring search is possible because EraSearch auto-parses _line values into distinct strings. For example, EraSearch stores the _line value "health check" as ["health","check"]. By default, EraSearch doesn't auto-parse the values of other field keys such as line or _logline.

Querying fields with non-null values

_exists_:dog.name

The _exists_:dog.name subquery searches for documents where a specific field key has non-null values.

In this case, EraSearch returns documents if dog.name has a value (such as olaf) or an empty string "". EraSearch omits documents if dog.name doesn't appear in the document or if dog.name is set to null.

Querying ranges

treats: > 1

The treats: > 1 subquery searches for a specific numerical range in the data. When you run this subquery on the sample data, it returns seven documents where the number of treats is greater than one.

Here are some more examples of querying with ranges:

  • treats:[1 TO 2] - Return documents where the treats field key has values between one and two
  • dog.name:[spot TO wolfie} - Return documents where the dog.name field key has values between spot and wolfie, not including wolfie

Next steps

To learn more about the query syntax, visit Elasticsearch's Query string syntax documentation. To write your own data to EraSearch, visit Writing bulk data and the guides on Cloudflare, Fluentd, and Vector.