A log, such as an Apache access log, contains thousands of messages. You want to see only messages that indicate errors.
The simplest query, a keyword expression search, can find log messages that contain a word like "error" and thereby ignore messages that are not related to errors. Use the search to find all messages containing the word error:
To find messages that contain error, fail, fails, or failure, use this search:
fail* OR error
Searching for more than one word will only find log messages that contain both words. For example, this query will report messages that have both "fail" AND "error":
Because of this, adding more words to a simple search will select fewer and fewer log messages. A multi-term query using OR, such as "fail OR error OR deny", will match more log messages.
A keyword search must come first, but you can add operators after it. For example, this will sort results by the time the log message was received:
fail* OR error | sort by _messageTime
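The narrowing and widening described above can be checked offline with a small model of the matching rules. This is an added example, not the search product's own code or implementation; it runs the page's queries over constructed log lines. It assumes whole-word, case-insensitive matching, that OR separates groups of implicitly ANDed words, and ascending sort order.

```python
import re
from datetime import datetime

# Constructed sample messages (not from a real system): (receipt time, text)
LOGS = [
    ("2024-05-01T10:00:05", "GET /index.html 200 ok"),
    ("2024-05-01T10:00:03", "login fails for user alice"),
    ("2024-05-01T10:00:09", "disk error: write failure on /dev/sda"),
    ("2024-05-01T10:00:01", "upstream error 502 from backend"),
    ("2024-05-01T10:00:07", "access deny for 203.0.113.7"),
    ("2024-05-01T10:00:04", "job fail with error code 3"),
]

def term_matches(term, message):
    """Whole-word, case-insensitive match; a trailing * matches any word suffix."""
    pattern = re.escape(term.rstrip("*"))
    if term.endswith("*"):
        pattern += r"\w*"
    return re.search(r"\b" + pattern + r"\b", message, re.IGNORECASE) is not None

def matches(query, message):
    """OR separates alternatives; every word inside one alternative must match."""
    alternatives = re.split(r"\s+OR\s+", query.strip())
    return any(all(term_matches(t, message) for t in alt.split())
               for alt in alternatives)

def search(query, logs=LOGS):
    """Run 'keywords' or 'keywords | sort by _messageTime' over (time, text) pairs."""
    keywords, _, operator = (part.strip() for part in query.partition("|"))
    hits = [(ts, msg) for ts, msg in logs if matches(keywords, msg)]
    if operator == "sort by _messageTime":
        # Ascending order is an assumption of this sketch.
        hits.sort(key=lambda hit: datetime.fromisoformat(hit[0]))
    return hits

if __name__ == "__main__":
    for q in ("error", "fail error", "fail* OR error",
              "fail OR error OR deny", "fail* OR error | sort by _messageTime"):
        print(f"{q!r}: {len(search(q))} hit(s)")
        for ts, msg in search(q):
            print("   ", ts, msg)
```
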