From c1ae05971215de27616155c4f4d02947e36fce76 Mon Sep 17 00:00:00 2001 From: boyska Date: Mon, 7 Jan 2019 15:43:25 +0100 Subject: [PATCH] docs on query language. closes #6 --- docs/query.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs/query.md diff --git a/docs/query.md b/docs/query.md new file mode 100644 index 0000000..0ad1173 --- /dev/null +++ b/docs/query.md @@ -0,0 +1,21 @@ +Query language +=================== + +circolog uses a sql-inspired query language. If you know SQL, then you can use "where clauses" in circolog. If +you don't know SQL, don't worry: the language is easy enough for you to learn the most basic queries without +worrying too much. + +You can only filter the rows, you can't sort them or group them in any way. + +Reference +----------- + +Available fields: + - `message`: the string with the main information + - `app_name`: also known as "program" sometimes + - `facility`: an integer describing auth, daemon, user, etc. + - `hostname`: the hostname where the entry originated + - `timestamp`: date in format `2019-01-07T15:28:58+01:00` + - `severity`: an integer describing severity + +
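Review bot: The Reference section of docs/query.md lists the available fields but never shows the query syntax itself. There is no example where clause, no list of supported operators, and no statement of how string or timestamp literals are written, so the reader the intro addresses ("If you don't know SQL, don't worry") cannot build a filter from this page. Suggest adding the operator list and at least one complete example query per field type. In the same list, `facility` and `severity` are described only as "an integer describing ..."; name the numbering they follow and list the values, and say which direction of `severity` is more severe, since anyone filtering auth or high-severity entries needs that to avoid silently missing rows. For `timestamp`, state whether comparisons accept only the shown format `2019-01-07T15:28:58+01:00` or other offsets and precisions too. Minor: "sql-inspired" should be "SQL-inspired" to match the next sentence, and the new file appears to end with blank added lines that can be dropped.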