... | logreduce
... | logreduce(field)
Runs LogReduce on the given field. If the field is omitted, the raw message is used by default.
... | logreduce | details clusterId
Shows all the logs matched to a given signature cluster. This is not meant to be used directly by a user, but rather done automatically as a result of drilling down on a cluster in the LogReduce output.
Note: Reusing the same search in a different search tab is not guaranteed to work.
- The logreduce operator cannot be used with group-by functions such as "count by fieldname".