SMLL Docs

Search & Filtering

Search, filter, and save log queries across all your services.

SMLL provides full-text search across all your logs. Find specific errors, trace requests, or investigate incidents without leaving the browser.

Searching logs

  1. Navigate to the Logs tab (service or VPC level)
  2. Enter your search term in the search bar
  3. Results are displayed with matching terms highlighted

Search syntax

PatternDescriptionExample
Plain textMatch exact textconnection refused
QuotesMatch exact phrase"failed to connect"
RegexRegular expressionerror.*timeout
Service filterLogs from specific serviceSelect from dropdown
Pod filterLogs from specific podbackend-abc123

Search is powered by Loki and supports case-insensitive regular expressions.

Navigate to the Logs tab at the VPC level to search across all services in that VPC simultaneously. This is useful for tracing requests that span multiple services or investigating infrastructure-wide issues.

Filtering by time range

Use the time range picker to narrow your search:

  • Last 15 minutes / 1 hour / 6 hours / 24 hours
  • Last 7 days / 30 days
  • Custom range: Pick exact start and end times

Filtering by severity

If your application uses structured logging with severity levels, you can filter by:

  • INFO — Normal operations
  • WARN — Potential issues
  • ERROR — Failures
  • DEBUG — Verbose debugging output (if your app produces it)

Saved searches

Save frequently used search queries for quick access:

  1. Run a search with your desired filters (query, time range, severity, service)
  2. Click Save Search
  3. Enter a name for the saved search
  4. Click Save

Saved searches appear in the dropdown next to the search bar. Click one to instantly apply its filters. Saved searches are shared across your workspace.

To delete a saved search, open the dropdown and click the delete icon next to it.

Log-based alert rules

Create alert rules that fire when log patterns match:

  1. From the Logs tab, click Create Alert
  2. Configure:
    • Name — a label for this alert rule
    • Query — the LogQL query to match (e.g. {namespace="vpc-abc"} |= "error")
    • Threshold — how many matching lines to trigger on (default: 1)
    • Window — time window in minutes (1–1440, default: 5)
    • Severity — info, warning, or critical
    • Notification channel — where to send alerts (optional)
  3. Click Create

Log-based alerts are evaluated continuously. When the number of matching log lines within the window exceeds the threshold, the alert fires and sends a notification to the configured channel.

Manage alert rules from the Logs > Alerts sub-tab.

Retention

Logs are retained for 30 days. Older logs are automatically deleted. Results are limited to 5,000 entries per query — use time range and service/pod filters to narrow large result sets.

Tips

  • Search is case-insensitive by default
  • Use time range filtering to narrow large result sets
  • Combine service filtering with text search for targeted results
  • Jump to a specific timestamp if you know when an issue occurred
  • Use regex patterns like error|warn to match multiple terms at once
  • Save common debugging queries (e.g. "OOM", "connection refused") for quick reuse

On this page

Searching logsSearch syntaxVPC-level searchFiltering by time rangeFiltering by severitySaved searchesLog-based alert rulesRetentionTips