Logz.io: Search Logs
Availability: See the Incident Workflow Actions Overview table for the plans this workflow is available on.
Description
Search for logs in Logz.io using Elasticsearch DSL query syntax within a specified time range. This action enables automated log analysis during incident response, allowing teams to programmatically retrieve diagnostic data without manual searches in the Logz.io UI.
Instructions
- If you have not done so, follow the instructions to Create an Incident Workflow.
- When the instructions prompt you to add actions, select this action.
- Enter the following Inputs and click Save.
- Continue following instructions to Publish the Workflow.
- When the action runs, you will see the Outputs listed below.
Inputs
Field References: Fields with the {+} icon accept Field References, which can be useful for referencing incident data or outputs created in prior workflow steps. To add Field References, click {+}, or enter {{, and select relevant fields. Refer to the Field References article for more information.
| Name | Description |
|---|---|
| Connection Input | The Logz.io Connection. |
| Query | Elasticsearch DSL query as a JSON string. Example: {"match": {"message": "error"}}. Use {"match_all": {}} for all logs. |
| Start Time | Start time for the log search. Accepts a predefined relative time or an ISO 8601 timestamp, for example, 2025-10-07T14:00:00Z. |
| End Time | End time for the log search. Accepts a predefined relative time or an ISO 8601 timestamp, for example, 2025-10-07T16:00:00Z. |
| Size (Optional) | Maximum number of log entries to return. Maximum: 1000. |
Outputs
| Name | Description |
|---|---|
| Logs | Array of log entries retrieved. |
| Log Count | Total number of log entries returned. |
| Query Used | The query sent to Logz.io. |
| Time Range Start | The start time used for the search. |
| Time Range End | The end time used for the search. |
| Result | Value that shows if the action was successful or not. Either Success or Failed. |
| Result Summary | Brief description of what the action did or if it failed. |
| Error | Brief description that is populated if the action failed. |
Query syntax: The Query input must be a valid Elasticsearch DSL query expressed as a JSON string, for example, {"match": {"message": "error"}}. Use {"match_all": {}} to retrieve all logs within the time range.
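An added example, not part of the original page or of the vendor's code: a Python pre-flight check that builds the Query JSON string and validates the values against the limits in the Inputs table before they are entered into the action. The `service` field and its value, the rejection of timestamps without a UTC offset, and the lower bound of 1 for Size are assumptions; predefined relative times are not handled.

```python
import json
from datetime import datetime, timezone

MAX_SIZE = 1000  # documented maximum for the Size input


def parse_iso8601(value):
    """Parse an ISO 8601 timestamp such as 2025-10-07T14:00:00Z into aware UTC."""
    text = value.strip()
    if text.endswith(("Z", "z")):
        text = text[:-1] + "+00:00"  # fromisoformat before Python 3.11 rejects "Z"
    parsed = datetime.fromisoformat(text)
    if parsed.tzinfo is None:  # assumption: refuse ambiguous local times
        raise ValueError(f"timestamp has no UTC offset: {value!r}")
    return parsed.astimezone(timezone.utc)


def build_search_inputs(query, start, end, size=None):
    """Return the action's inputs as strings, or raise ValueError."""
    # An Elasticsearch query object holds exactly one query-type key.
    if not isinstance(query, dict) or len(query) != 1:
        raise ValueError("query must be an object with exactly one query clause")
    if parse_iso8601(start) >= parse_iso8601(end):
        raise ValueError("Start Time must be earlier than End Time")
    inputs = {
        "Query": json.dumps(query, separators=(",", ":")),
        "Start Time": start,
        "End Time": end,
    }
    if size is not None:
        # Lower bound of 1 is an assumption; the page states only the maximum.
        if isinstance(size, bool) or not isinstance(size, int) or not 1 <= size <= MAX_SIZE:
            raise ValueError(f"Size must be an integer from 1 to {MAX_SIZE}")
        inputs["Size"] = str(size)
    return inputs


# Constructed sample: failed logins in the page's example two-hour window.
# Only "message" appears on the page; "service" is an assumed field name.
FAILED_LOGINS = {
    "bool": {
        "must": [{"match": {"message": "authentication failed"}}],
        "filter": [{"term": {"service": "sso-gateway"}}],
    }
}

if __name__ == "__main__":
    args = (FAILED_LOGINS, "2025-10-07T14:00:00Z", "2025-10-07T16:00:00Z")
    for name, value in build_search_inputs(*args, size=200).items():
        print(f"{name}: {value}")
```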
