Get started with Explore Logs

This quickstart walks you through a complete investigation flow in Explore — from selecting a data source to drilling down into specific log entries. Follow the steps in order to get familiar with the key features.

Step 1: Open Explore

Navigate to Explore from the Coralogix main menu.

Explore opens with the default view: an empty query, the logs dataset selected, and the time range set to the last 15 minutes.

Step 2: Select your data source

Use the dataset selector at the top of the screen to choose the dataset you want to query.

• Select logs to query your ingested log data (default).
• Select spans to query distributed tracing data.
• Select a system dataset to query Coralogix-managed metadata.

For this quickstart, keep the default logs dataset selected.

For more information, see Select a data source.

Step 3: Set the time range

Use the time range control to set the window for your search.

1. Select the time range control (top-right area of the screen).
2. Choose a preset such as Last 1 hour, or enter a custom range.
3. Confirm your selection.

Results and the Fields panel update to reflect the selected time range.

Step 4: Run a search

Use the search bar to filter the logs you want to investigate.

1. Select the search bar.
2. Type a Lucene query. For example: coralogix.metadata.severity:"Error"
3. Use the autocomplete suggestions to select fields and values without typing the full path.
4. Select Run.

Results appear in the logs grid below.

For more information, see Search logs and spans.

Step 5: Filter with Fields

Use the Fields panel on the left to narrow your results further.

1. Open the Fields panel.
2. Find a field you want to filter on (for example, coralogix.metadata.applicationName).
3. Expand the field to see its value distribution.
4. Select a value to add it as a filter.
5. Select Run to apply.

The filter appears in the query bar. The Fields panel and query bar stay in sync — changes in either place are reflected in the other.

For more information, see Filter with Fields.

Step 6: Group and aggregate results

Use the Query Builder to move from raw log rows to grouped summaries.

1. Select Group by and choose a field (for example, coralogix.metadata.severity).
2. Select Aggregation and choose count.
3. Select Run.

The results table changes from individual log rows to grouped rows with a count for each severity level.

For more information, see Query Builder.

Step 7: Visualize the results

Switch to a chart to see the distribution over time.

1. Above the results panel, select the Visualize as dropdown.
2. Select Vertical bar chart.

The chart updates to show log counts grouped by severity over your selected time range. Select any bar segment to drill down into the underlying logs.

For more information, see Visualize log data.

Step 8: Inspect a log entry

Select any row in the logs grid to open the log details panel.

1. Switch back to the Table view using the Visualize as dropdown.
2. Select any log row in the results.
3. The log details panel opens on the right.

From the panel you can:

• Review all fields for the selected log entry.
• Use field-level actions to include or exclude values in the query.
• Navigate to adjacent log entries using the arrow controls.

For more information, see Log details panel.

Additional queries

Try these queries to explore more of what Explore can do:

Filter for logs where a specific field exists:

_exists_:cx_rum.page_context.page_fragments

Filter for logs from a specific application:

coralogix.metadata.applicationName:"production"

Combine conditions:

coralogix.metadata.severity:"Error" AND coralogix.metadata.applicationName:"production"

Navigate back

Use the browser back button or the main menu to navigate away from Explore. Your current tab configuration is not saved automatically — use Save view from the Explore actions menu before navigating away if you want to return to this configuration.

For more information on saving and managing views, see Explore tabs, views, and queries.