diff --git a/docs/VictoriaLogs/LogsQL.md b/docs/VictoriaLogs/LogsQL.md index aa2bcdad3a..2509b80c4a 100644 --- a/docs/VictoriaLogs/LogsQL.md +++ b/docs/VictoriaLogs/LogsQL.md @@ -25,9 +25,6 @@ For example, the following query finds all the logs with `error` word: error ``` -This query matches logs with any [timestamp](https://docs.victoriametrics.com/VictoriaLogs/keyConcepts.html#time-field), -e.g. it may return logs from the previous year alongside recently ingested logs. - If the queried [word](#word) clashes with LogsQL keywords, then just wrap it into quotes. For example, the following query finds all the log messages with `and` [word](#word): @@ -48,6 +45,9 @@ finds log messages with the `error: cannot find file` phrase: "error: cannot find file" ``` +Queries above match logs with any [timestamp](https://docs.victoriametrics.com/VictoriaLogs/keyConcepts.html#time-field), +e.g. they may return logs from the previous year alongside recently ingested logs. + Usually logs from the previous year aren't so interesting comparing to the recently ingested logs. So it is recommended adding [time filter](#time-filter) to the query. For example, the following query returns logs with the `error` [word](#word), diff --git a/docs/VictoriaLogs/keyConcepts.md b/docs/VictoriaLogs/keyConcepts.md index b3ba6d0b6d..ac2db9bfbb 100644 --- a/docs/VictoriaLogs/keyConcepts.md +++ b/docs/VictoriaLogs/keyConcepts.md @@ -2,8 +2,8 @@ ## Data model -[VictoriaLogs](https://docs.victoriametrics.com/VictoriaLogs/) works with structured logs. -Every log entry may contain arbitrary number of `key=value` pairs (aka fields). +[VictoriaLogs](https://docs.victoriametrics.com/VictoriaLogs/) works with both structured and unstructured logs. +Every log entry must contain at least [log message field](#message-field) plus arbitrary number of additional `key=value` fields. A single log entry can be expressed as a single-level [JSON](https://www.json.org/json-en.html) object with string keys and values. For example: