New Relic Log Search Tutorial with Examples

This tutorial covers New Relic Log Search with real-world examples tailored for Linux and Apache logs. The queries assume your logs are being forwarded correctly to New Relic and are accessible via the Logs UI or Log Search (NRQL/Lucene).


✅ 1. Single Term Search

A single term searches for a single word in the log messages.

Syntax:

<word>

Example:

error

Matches logs that include the word error anywhere in the log message.

🔧 Use Case:
Search for generic error logs from Apache or Linux syslog:

error

✅ 2. Double Term (Phrase Search)

To search for an exact phrase, enclose it in double quotes.

Syntax:

"phrase with spaces"

Example:

"connection timed out"

Finds logs that contain the exact phrase connection timed out.

🔧 Use Case:
Apache logs with specific connection errors:

"client denied by server configuration"

✅ 3. OPERATORS

🔹 AND (default behavior)

Narrows results by requiring both terms to appear.

Syntax:

term1 AND term2

or simply:

term1 term2

Example:

apache error

Matches logs containing both apache and error.


🔹 OR

Broadens results by matching either term.

Syntax:

term1 OR term2

Example:

warning OR critical

🔧 Use Case:
Search Linux logs for multiple log levels:

"kernel" AND (warning OR error)

🔹 NOT (Negation)

Used for negation of one or more terms.

Syntax:

NOT term

New Relic does not support NOR, but you can achieve negation using NOT.

Example:

apache NOT error

🔧 Use Case:
Find Apache logs that do not contain error.


✅ 4. Regular Expression (RegEx)

Use regex to match complex patterns.

Syntax:

message =~ /pattern/

Example:

message =~ /failed.*login/

Matches messages with phrases like failed user login, failed root login, etc.

🔧 Use Case (Linux auth logs):

message =~ /invalid user.*from/

Surfaces SSH login attempts against usernames that do not exist on the host, a common sign of brute-force activity.


✅ 5. FIELD FILTERS

Filter logs by specific field values.

🔹 Format:

<field>:<value>

🔹 Examples:

Linux Example:

hostname:my-linux-server

Apache Example:

service:apache AND level:error

Combined:

service:apache AND message:"file not found"

Timestamp Range:

timestamp >= '2025-05-20T00:00:00Z' AND timestamp < '2025-05-21T00:00:00Z'

🧠 Bonus: Apache & Linux Log Examples

1. Apache Access Denied Errors

service:apache AND message:"client denied by server configuration"

2. Linux SSH Login Failures

service:syslog AND message =~ /Failed password for invalid user/

3. Filter by Host and Level

hostname:prod-server-01 AND level:error

4. Apache 404 Errors

service:apache AND message:"404 Not Found"
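
As an added example (not part of the original tutorial and not New Relic code), the Python sketch below runs the tutorial's two SSH patterns over constructed sshd lines and counts matches per source address, which shows what the queries catch and miss before you save them. It assumes unanchored, case-sensitive matching and OpenSSH's usual "from <address> port <n>" message layout; the function names and sample lines are hypothetical.

```python
import re
from collections import Counter

# Patterns taken from the tutorial's SSH queries.
INVALID_USER = r"invalid user.*from"
FAILED_INVALID = r"Failed password for invalid user"
# Assumption: OpenSSH's usual "... from <address> port <n>" message layout.
SOURCE = re.compile(r"from (\S+) port \d+")

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = [
    "May 20 10:01:02 prod-server-01 sshd[2101]: Invalid user admin from 203.0.113.7 port 40122",
    "May 20 10:01:04 prod-server-01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "May 20 10:01:09 prod-server-01 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2",
    "May 20 10:01:15 prod-server-01 sshd[2112]: Failed password for invalid user oracle from 203.0.113.7 port 40141 ssh2",
    "May 20 10:02:30 prod-server-01 sshd[2140]: Failed password for root from 198.51.100.9 port 51514 ssh2",
    "May 20 10:03:11 prod-server-01 sshd[2155]: Failed password for invalid user guest from 198.51.100.23 port 33812 ssh2",
    "May 20 10:04:00 prod-server-01 sshd[2160]: Accepted publickey for deploy from 192.0.2.10 port 50222 ssh2",
]


def count_sources(lines, pattern, ignore_case=False):
    """Count lines matching `pattern` (unanchored search) per source address."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    hits = Counter()
    for line in lines:
        if rx.search(line):
            src = SOURCE.search(line)
            if src:  # skip matches that carry no source address
                hits[src.group(1)] += 1
    return hits


def noisy_sources(lines, pattern, threshold, ignore_case=False):
    """Return the sources with at least `threshold` matching lines."""
    counts = count_sources(lines, pattern, ignore_case)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for pattern in (INVALID_USER, FAILED_INVALID):
        print(pattern, dict(count_sources(SAMPLE, pattern)))
    print("case-insensitive:", dict(count_sources(SAMPLE, INVALID_USER, True)))
    print("3+ failures:", noisy_sources(SAMPLE, FAILED_INVALID, 3))
```

On this sample the lowercase pattern skips the "Invalid user ..." line that sshd logs with a capital I, and neither pattern sees the failed password for root, so repeated failures against existing accounts need their own query.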

💡 Tips for Using New Relic Logs UI

  • Use saved queries for repeated searches.
  • Use faceted search to group logs by fields (like hostname, service, level).
  • Click on fields to create filters interactively.
