Skip to content

Get started with explore logs

This quickstart walks you through a complete investigation flow in Explore — from selecting a data source to drilling down into specific log entries. Follow the steps in order to get familiar with the key features.

Explore Logs complete investigation flow from data source selection to log inspection

Step 1: Open Explore

Navigate to Explore from the Coralogix main menu.

Explore opens on the empty state with default values prefilled: the logs dataset, the last 15 minutes, and an empty query. Select a quick-action tile (for example, Log volume over time or Logs by severity) to run your first query, or start typing a query of your own.

Step 2: Select your data source

Use the dataset selector in the query builder to choose the dataset you want to query.

  • Select logs to query your ingested log data (default).
  • Select spans to query distributed tracing data.
  • Select an other dataset to query Coralogix-managed metadata.

For this quickstart, keep the default logs dataset selected.

For more information, see Select a data source.

Step 3: Set the time range

Use the time range control to set the window for your search.

  1. Select the time range control (top-right area of the screen).
  2. Choose a preset such as Last 1 hour, or enter a custom range.
  3. Confirm your selection.

Results and the Fields panel update to reflect the selected time range.

Use the search bar to filter the logs you want to investigate.

  1. Select the search bar.
  2. Type a Lucene query. For example: coralogix.metadata.severity:"Error"
  3. Use the autocomplete suggestions to select fields and values without typing the full path.
  4. Select Run.

Results appear in the logs grid below.

For more information, see Search logs and spans.

Step 5: Filter with fields

Use the Fields panel on the left to narrow your results further.

  1. Open the Fields panel.
  2. Find a field you want to filter on (for example, coralogix.metadata.applicationName).
  3. Expand the field to see its value distribution.
  4. Select a value to add it as a filter.
  5. Select Run to apply.

The filter appears in the query bar. The Fields panel and query bar stay in sync — changes in either place are reflected in the other.

For more information, see Filter with Fields.

Step 6: Analyze log patterns with Templates

Once you've narrowed your search, switch to the Templates tab to see your logs grouped by shared message patterns instead of one row per log. Templates is the fastest way to spot new, rare, or recurring error patterns across high-volume log streams without scanning raw rows.

  1. With your query still active, select the Templates tab next to Logs.
  2. Sort the patterns table by Count (descending) to see the busiest templates, or by First Seen to find patterns that appeared recently.
  3. Select any pattern row to open the Template details info panel, then select Apply to main to filter the Logs tab to only entries matching that template.

For the full feature — including how to alert on a pattern and the limits — see Templates.

Step 7: Group and aggregate results

Use the Query Builder to move from raw log rows to grouped summaries.

  1. Select Grouped by and pick a field (for example, coralogix.metadata.severity).
  2. Select Aggregation and pick Count.
  3. Select Run.

Explore auto-switches to the Overview tab and renders the grouped rows there — each row carries one unique value of the grouped field plus the aggregation result. The Logs and Templates tabs continue to show the raw and patterned views of the same query.

Step 8: Visualize the results

On the Overview tab, switch to a chart to see the distribution.

  1. In the Overview tab toolbar, select the Visualize as dropdown.
  2. Select Vertical bar.

The chart updates to show log counts grouped by severity. Select any bar segment to drill down into the underlying logs.

The Visualize as dropdown only appears on the Overview tab — it's tied to the Grouped by and Aggregation clauses you set in the Query Builder. Clear those chips to return to a raw-rows view, and the dropdown disappears. For the full visualization model, see Overview tab for logs.

Step 9: Inspect a log entry

Select any row in the logs grid to open the log details panel.

  1. Remove the Grouped by and Aggregation chips to return to raw log rows.
  2. Select any log row in the results.
  3. The log details panel opens on the right.

From the panel you can:

  • Review all fields for the selected log entry.
  • Use field-level actions to include or exclude values in the query.
  • Use the Next Log and Previous Log arrow controls to navigate to adjacent log entries.

For more information, see Log details panel.

Additional queries

Try these Lucene queries in the search bar to explore more of what Explore can do.

Filter for logs where a specific field exists
_exists_:cx_rum.page_context.page_fragments
Filter for logs from a specific application
coralogix.metadata.applicationName:"production"
Combine conditions
coralogix.metadata.severity:"Error" AND coralogix.metadata.applicationName:"production"

For chip-based queries, Grouped by / Aggregation clauses, and the Order by / Limit chips, build the same queries in the Query Builder.

Use the browser back button or the main menu to navigate away from Explore. Your current tab configuration is not saved automatically — select Save view in the top header before navigating away if you want to return to this configuration.

For more information on saving and managing views, see Explore tabs, views, and queries.

Next steps

Customize columns, row formatting, and per-row actions in the Logs table.