Sample Queries for Filtering Records

You can use the following sample queries as a reference or example to create your own queries and filter records.

Sample Queries

Exclude Specific Hosts

Query:

host.name.keyword:(NOT hdp1001.qe.iti.acceldata.dev hdp1002.qe.iti.acceldata.dev)

This example shows how to filter out particular hosts from your search results in Pulse.

• Field: host.name.keyword – the field you are filtering on
• Operator: NOT – excludes the specified values
• Values: hdp1001.qe.iti.acceldata.dev hdp1002.qe.iti.acceldata.dev – the hosts to exclude

You can list multiple hosts, separated by spaces, and all of them will be excluded from the results.

Exclude Specific Sources

Query:

source:(NOT state-change.log server.log)

This example shows how to filter out particular log sources from your search results in Pulse.

• Field: source – filter by log source
• Operator: NOT – exclude the specified values
• Values: state-change.log server.log – the sources you want to exclude.

Exclude Specific Services

Query:

fields.component:(NOT yarn_application kafka_server_gc)

This example shows how to filter out particular services from your search results in Pulse.

• Field: fields.component – filter by service/component
• Operator: NOT – excludes the specified values
• Values: yarn_application kafka_server_gc – the services to exclude

Exclude Specific Log Levels

Query:

loglevel:(NOT INFO WARN)

This example shows how to filter out particular log levels from your search results in Pulse.

• Field: loglevel – filter by log severity
• Operator: NOT – excludes the specified values
• Values: INFO WARN – the log levels to exclude

Exclude or Include Log Messages With Certain Keywords

Query:

message:(+exception -connection)

This example shows how to filter log messages that contain specific keywords in Pulse search results.

• Field: message – filter by log message content
• Operator: + – include messages containing this term
• Operator: - – exclude messages containing this term
• Values: exception (included), connection (excluded)

Combine Multiple Filters

Query:

host.name.keyword:(NOT hdp1001.qe.iti.acceldata.dev hdp1002.qe.iti.acceldata.dev) 

AND source:(NOT state-change.log server.log) 

AND fields.component:(NOT yarn_application kafka_server_gc) 

AND loglevel:(NOT INFO WARN) 

AND message:(+exception -connection)

This combined filter query enables you to refine results by multiple dimensions simultaneously: excluding specific hosts, sources, services, and log levels, while including/excluding specific keywords in the messages.