Logz.io: Search Logs

Availability

See the Incident Workflow Actions Overview table for the plans this workflow is available on.


Description

Search for logs in Logz.io using Elasticsearch DSL query syntax within a specified time range. This action enables automated log analysis during incident response, allowing teams to programmatically retrieve diagnostic data without manual searches in the Logz.io UI.

Instructions

  1. If you have not done so, follow the instructions to Create an Incident Workflow.
  2. When the instructions prompt you to add actions, select this action.
  3. Enter the following Inputs and click Save.
  4. Continue following instructions to Publish the Workflow.
  5. When the action runs, you will see the Outputs listed below.

Inputs

Field References

Fields with the {+} icon accept Field References, which can be useful for referencing incident data or outputs created in prior workflow steps. To add Field References, click {+}, or enter {{, and select relevant fields. Refer to the Field References article for more information.

| Name | Description |
| --- | --- |
| Connection Input | The Logz.io Connection. |
| Query | Elasticsearch DSL query as a JSON string. Example: {"match": {"message": "error"}}. Use {"match_all": {}} for all logs. |
| Start Time | Start time for the log search. Accepts a predefined relative time or an ISO 8601 timestamp, for example, 2025-10-07T14:00:00Z. |
| End Time | End time for the log search. Accepts a predefined relative time or an ISO 8601 timestamp, for example, 2025-10-07T16:00:00Z. |
| Size (Optional) | Maximum number of log entries to return. Maximum: 1000. |

Outputs

| Name | Description |
| --- | --- |
| Logs | Array of log entries retrieved. |
| Log Count | Total number of log entries returned. |
| Query Used | The query sent to Logz.io. |
| Time Range Start | The start time used for the search. |
| Time Range End | The end time used for the search. |
| Result | Value that shows if the action was successful or not. Either Success or Failed. |
| Result Summary | Brief description of what the action did or if it failed. |
| Error | Brief description that is populated if the action failed. |

Query syntax

The Query input must be a valid Elasticsearch DSL query expressed as a JSON string, for example, {"match": {"message": "error"}}. Use {"match_all": {}} to retrieve all logs within the time range.
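
A pre-flight check for the inputs described above, added here as an example and not part of the original documentation. The names check_inputs, parse_iso8601 and QUERY are hypothetical, only ISO 8601 timestamps are checked (predefined relative times are out of scope), and the lower bound of 1 for Size is an assumption.

```python
import json
from datetime import datetime

MAX_SIZE = 1000  # documented maximum for the Size input


def parse_iso8601(value):
    """Parse an ISO 8601 timestamp such as 2025-10-07T14:00:00Z."""
    # datetime.fromisoformat() only accepts a trailing "Z" from Python 3.11 on,
    # so normalise it to an explicit UTC offset first.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_inputs(query, start, end, size=None):
    """Return a list of problems with the action inputs (empty list means OK)."""
    problems = []
    # Query must be a JSON string; a Python dict repr with single quotes
    # is a common mistake and fails here.
    try:
        parsed = json.loads(query)
        if not isinstance(parsed, dict) or not parsed:
            problems.append("Query must be a non-empty JSON object")
    except (TypeError, ValueError) as exc:
        problems.append(f"Query is not valid JSON: {exc}")
    # Start Time and End Time must parse and be in order. Mixing a timestamp
    # with an offset and one without raises TypeError on comparison.
    try:
        if parse_iso8601(start) >= parse_iso8601(end):
            problems.append("Start Time must be before End Time")
    except (TypeError, ValueError, AttributeError) as exc:
        problems.append(f"Bad timestamp: {exc}")
    # Size is optional; the minimum of 1 is an assumption of this example.
    if size is not None and not (isinstance(size, int) and 1 <= size <= MAX_SIZE):
        problems.append(f"Size must be an integer from 1 to {MAX_SIZE}")
    return problems


# Constructed sample query: log messages matching both "error" and "timeout".
QUERY = json.dumps({"bool": {"must": [
    {"match": {"message": "error"}},
    {"match": {"message": "timeout"}},
]}})

if __name__ == "__main__":
    print(QUERY)
    print(check_inputs(QUERY, "2025-10-07T14:00:00Z", "2025-10-07T16:00:00Z", 500))
```
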