Searching Spans and Logs
In addition to the SQL-like query language, Uptrace allows you to search spans and logs using a more concise and natural query language.
Word filter
The simplest query is just a word, which must be found in the search scope.
For example, the query error
will find the following logs:
err
error
ERROR
ERRor
an error just occurred
If the query consists of multiple words, all words must be found in the search scope. For example, the query error select
will find the following logs:
error select
select error
an error has occurred when executing a select query
To search for multiple words at once, separate them with |
. For example, the query select|update
will find the following logs:
select
update
select update
Phrase filter
To search for logs that contain a phrase, simply quote the phrase with double quotes. The phrase can contain any characters, including spaces, punctuation, parentheses, etc.
For example, the query "select query"
will find the following logs:
an error has occurred when executing a select query
select query
But it won't find the following logs:
query select
selecting a query
Regexp filter
To search for logs that contain a regular expression, prefix the expression with ~
.
For example, the query ~err
will find the following logs:
err
error
an_err
some error
If the regular expression contains a space, quote the expression with backticks:
~`\d{4} \w+`
Negative filter
To exclude logs that contain certain words or phrases, prefix the word with -
.
For example, the query error -ssh
will find error logs that don't have the word ssh
.
Search scope
The search scope is a list of attributes that Uptrace will use for filtering. By default, the search scope is the current grouping expression. When grouping by _group_id
, the search scope is the display_name
attribute.
Grouping | Search Scope |
---|---|
group by _group_id | display_name |
group by service_name, host_name | display_name , host_name |
group by _group_id, service_name | display_name , service_name |
You can change the search scope for words, phrases, and regexps like this:
host_name:host1 service_name:"hello world" ~foo:bar