Era Software

Exploring data in the EraSearch UI

The EraSearch UI helps you view, explore, and query your log data. On this page, you'll learn how to:

  • Access the EraSearch UI
  • View and explore data based on time and other filters
  • Search data using basic query syntax

This content is intended for engineers and developers using EraSearch on EraCloud. If you haven't already, get started with an EraCloud account and learn the basics.

Before you begin

The examples on this page use the sample data below. If you'd like to follow along, feel free to write the data to your database.

{"index":{"_index":"customers"}}
{"customer.firstname":"lian","dog.name":"spot","_line":"account pending","treats":3,"_ts":1635037200000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lilly","cat.name":"whiskers","_line":"account verified","treats":2,"_ts":1635040800000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lele","dog.name":"chewy","_line":"account verified","treats":5,"_ts":1635044400000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lillie","dog.name":"tofu","_line":"account pending","treats":6,"_ts":1635048000000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lily","dog.name":"mabel","_line":"account verified","treats":1,"_ts":1635051600000}
{"index":{"_index":"customers"}}
{"customer.firstname":"linus","dog.name":"wolfie","_line":"account pending","treats":2,"_ts":1635058800000}
{"index":{"_index":"customers"}}
{"customer.firstname":"liz","dog.name":"floof","_line":"account verified","treats":8,"_ts":1635058800000}
{"index":{"_index":"customers"}}
{"customer.firstname":"lilly","dog.name":"olaf","_line":"account verified","treats":4,"_ts":1635058800000}

Access the EraSearch UI

To access the UI, sign in to your EraCloud account and click EraSearch UI. By default, the UI displays all data written in the past 15 minutes.

Select time ranges

Use the EraSearch UI to explore data within specific time ranges. For example, you can view data from the past five minutes, the past month, or between specific dates.

Follow these steps to view the sample data from October 24, 2021:

  1. In the EraSearch UI, click FILTERS and make sure customers is selected under Index
  2. Click Past 15 min (UTC) and enter the following dates in the FROM and TO inputs:
    • 2021-10-24 00:00:00
    • 2021-10-24 08:00:00

EraSearch returns eight documents organized by time.

Generate queries

If you're exploring your data or learning the syntax, the EraSearch UI can generate queries for you. To generate queries, select the different indexes and field values in the UI's FILTERS tab.

Follow the steps below to see an example of a generated query. The query searches for data where customers.firstname is lilly and cat.name isn't whiskers:

  1. Navigate to the FILTERS tab and make sure customers is selected under Index
  2. Under customers.firstname, click lilly > Show matching
  3. Under cat.name, click whiskers > Hide matching
  4. View the generated query in the search box and the one returned document

You can click the returned document to get more information about the data. To reset the UI, delete the query from the search box and press Enter.

Enter custom queries

EraSearch supports most of Elasticsearch's query string syntax. Use the same syntax to enter custom queries in the UI, and explore data based on keywords, ranges, booleans, and wildcards.

Here's an example of a custom query on the sample data:

customer.firstname:l?l* AND _line:verified AND _exists_:dog.name AND treats: > 1

When you enter it in the EraSearch UI, the query returns these documents:

{"customer.firstname":"lilly","dog.name":"olaf","_line":"account verified","treats":4,"_ts":1635058800000}
{"customer.firstname":"lele","dog.name":"chewy","_line":"account verified","treats":5,"_ts":1635044400000}

The sections below break down that example into subqueries and highlight query syntax essentials.

Querying with wildcards

customer.firstname:l?l*

This subquery uses wildcards, where ? indicates one character and * indicates zero or more characters. When you run the subquery on the sample data, it captures these variations of lilly in the customer.firstname field: lilly, lily, lillie, and lele.

Querying keywords

_line:verified

This subquery searches for keywords in the data. When you run the subquery on the sample data, it returns five documents where _line contains verified.

Note that the subquery uses verified instead of account verified. That substring search is possible because EraSearch auto-parses _line values into distinct strings. For example, EraSearch stores the _line value "health check" as ["health","check"]. By default, EraSearch doesn't auto-parse the values of other field keys such as line or _logline.

Querying fields with non-null values

_exists_:dog.name

The _exists_:dog.name subquery searches for documents where a specific field key has non-null values.

In this case, EraSearch returns documents if dog.name has a value (such as olaf) or an empty string "". EraSearch omits documents if dog.name doesn't appear in the document or if dog.name is set to null.

Querying ranges

treats: > 1

The treats: > 1 subquery searches for a specific numerical range in the data. When you run this subquery on the sample data, it returns seven documents where the number of treats is greater than one.

Here are some more examples of querying with ranges:

  • treats:[1 TO 2] - Return documents where the treats field key has values between one and two
  • dog.name:[spot TO wolfie} - Return documents where the dog.name field key has values between spot and wolfie, not including wolfie

Next steps

To learn more about the query syntax, visit Elasticsearch's Query string syntax documentation. To write your own data to EraSearch, visit Writing bulk data from files.