Search Syntax
This guide explains how to use search clause and filter your telemetry data including logs, traces, and metrics.
Table of Contents
Quick Start
The most basic queries look like this:
service.name = 'payment-service'
You can combine multiple conditions:
service.name = 'payment-service' AND http.status_code >= 400
For full-text search, simply type what you're looking for:
'error connecting to database'
Note: Make sure the phrase you want to search is enclosed in single quotes.
Basic Concepts
Fields and Values
A query consists of fields (what you're searching in) and values (what you're searching for):
- Field: The property name (e.g.,
service.name
,http.status_code
) - Value: What you're comparing against (e.g.,
'payment-service'
,200
)
Query Structure
Conditions follow this general pattern:
field operator value
Multiple conditions can be combined with boolean operators:
condition1 AND condition2 OR condition3
Related Guides
For detailed information on specific topics:
- Operators Reference - Complete list of operators and their behavior
- Full-Text Search Guide - How to search text content in logs
- Functions Reference - Array functions for JSON searches
- Field Context & Data Types - Understanding contexts and type specification
- Troubleshooting Guide - Common errors and how to fix them
- Advanced Examples - Complex query patterns and use cases
Common Pitfalls
Avoid these common mistakes when writing queries. Each example shows the incorrect approach followed by the correct syntax.
1. Forgetting Quotes for String Values
Not recommended: status = active
Correct: status = 'active'
2. Missing Wildcards in LIKE
Wrong: message LIKE 'error'
(exact match only)
Correct: message LIKE '%error%'
(contains 'error')
3. Incorrect Array Syntax
Wrong: region IN 'us-east', 'us-west'
Correct: region IN ('us-east', 'us-west')
4. Ambiguous Precedence
Wrong: a = 1 OR b = 2 AND c = 3
Correct: a = 1 OR (b = 2 AND c = 3)
5. Case Sensitivity
Remember that LIKE
is case-sensitive. Use ILIKE
for case-insensitive matching:
# Only matches 'Error' exactly
message LIKE '%Error%'
# Matches 'error', 'ERROR', 'Error', etc.
message ILIKE '%error%'
6. Special Characters in Search
If searching for special characters or operators as text, always use quotes:
# Searching for the literal text 'NOT'
message CONTAINS 'NOT'
# Searching for logs with text [debug]
'[debug]'
# Searching for text with operators
'response != 200'
Best Practices
- Start Simple: Begin with basic field comparisons and add complexity as needed
- Test Incrementally: Build complex queries step by step, testing each addition
- Leverage Autocomplete: Use the UI's autocomplete feature to discover available fields
- Quote String Values: Always quote string values to avoid parsing ambiguities
- Parenthesize Complex Logic: Use parentheses liberally to make intent clear
Last updated: July 31, 2025