Query

Basic Querying

Now that you have Logship running, let's explore how to query your data. This guide continues from our Single Node setup.

Accessing the Query Interface

  1. First, ensure your Logship instance is running:
     docker-compose up -d
  2. Navigate to the Logship Frontend:

Your First Query

Let's start with a simple query to explore available tables:

schema.tables
| limit 100

This query shows you all tables in your Logship database. It's a great way to discover what data you have available.

Track Your Activity

Want to see your own activity? Try this query:

logship.frontend.ui.public.page.view
| where timestamp > ago(1h)
| summarize count = count() by page
| project page, count
| order by count desc

This query shows which pages you've visited in the last hour, ordered by visit count. It's a great example of how Logship automatically tracks frontend activity!

Explore recent ingest

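Check the most recent rows of a table. The query below picks one table whose name does not start with "schema." and returns its five newest rows: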

schema.tables
| where TableName !startswith "schema."
| take 1
| project TableName
| join kind=inner (
    invoke withsource=TableName (table(TableName))
    | top 5 by timestamp desc
  ) on TableName

Common troubleshooting queries

  • Count events per minute to spot ingest gaps:
    demo.hello
    | where timestamp > ago(1h)
    | summarize events = count() by bin(timestamp, 1m)
  • Identify hottest schemas:
    schema.tables
    | join kind=inner (
        schema.extents
        | summarize totalRows = sum(RowCount) by TableId
      ) on TableId
    | project TableName, totalRows
    | top 10 by totalRows desc
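
The events-per-minute query above returns one row per 1-minute bin, so a silent minute may appear as a missing row rather than a zero. The following added example (not part of the Logship documentation or tooling) post-processes such rows in Python and reports contiguous gap ranges. It assumes the rows have already been parsed into (bin start, events) pairs; the function name, threshold parameter and sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

BIN = timedelta(minutes=1)  # matches bin(timestamp, 1m) in the query


def find_ingest_gaps(rows, start, end, min_events=1):
    """Return [(gap_start, gap_end), ...] for runs of quiet 1-minute bins.

    rows:       iterable of (bin_start, events) pairs from the query result
    start, end: queried window, minute-aligned, end exclusive
    min_events: bins below this count are treated as part of a gap
    """
    counts = {ts: n for ts, n in rows}
    gaps, open_gap = [], None
    t = start
    while t < end:
        # Assumption: an empty bin may be absent from the result set, so a
        # missing key is treated as zero. Explicit zero rows work as well.
        quiet = counts.get(t, 0) < min_events
        if quiet and open_gap is None:
            open_gap = t                  # a gap starts at this bin
        elif not quiet and open_gap is not None:
            gaps.append((open_gap, t))    # gap ended just before this bin
            open_gap = None
        t += BIN
    if open_gap is not None:              # gap runs to the end of the window
        gaps.append((open_gap, end))
    return gaps


# Constructed sample: events arrive in minutes 0-3 and 7-9 of a 12-minute
# window; minutes 4-6 and 10-11 have no rows at all.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ROWS = [(T0 + BIN * m, 40) for m in (0, 1, 2, 3, 7, 8, 9)]

if __name__ == "__main__":
    for gap_start, gap_end in find_ingest_gaps(SAMPLE_ROWS, T0, T0 + BIN * 12):
        minutes = int((gap_end - gap_start) / BIN)
        print(f"no events from {gap_start:%H:%M} to {gap_end:%H:%M} ({minutes} min)")
```

Raising min_events turns the same check into a low-volume alert for sources that normally log at a steady rate.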

Quick reference: logsh CLI

logsh configure backend http://localhost:5000
logsh login --username admin --password default
logsh query "schema.tables | take 5"