Searching Spans and Logs
In addition to the SQL-like query language, Uptrace allows you to search spans and logs using a more concise and natural query language.
Word filter
The simplest query is just a word, which must be found in the search scope.
For example, the query error
will find the following logs:
err
error
ERROR
ERRor
an error just occurred
If the query consists of multiple words, all words must be found in the search scope. For example, the query error select
will find the following logs:
error select
select error
an error has occurred when executing a select query
To search for several words at once, separate words with |
. For example, the query select|update
will find the following logs:
select
update
select update
Phrase filter
To search for logs that contain a phrase, simply enter the phrase in double quotes. The phrase can contain any characters, including spaces, punctuation, parentheses, etc.
For example, the query "select query"
will find the following logs:
an error has occurred when executing a select query
select query
But it won't find the following logs:
query select
selecting a query
Regexp filter
To search for logs that contain a regular expression, prefix the expression with ~
.
For example, the query ~err
will find the following logs:
err
error
an_err
some error
If the regular expression contains a space, quote the expression with backticks:
~`\d{4} \w+`
Negative filter
To exclude logs that contain certain words or phrases, prefix the word with -
.
For example, the query error -ssh
will find error logs that don't have the word ssh
.
Search scope
The search scope is a list of attributes that Uptrace will use for filtering. By default, the search scope is the current grouping expression. When grouping by _group_id
, the search scope is the display_name
attribute.
Grouping | Search Scope |
---|---|
group by _group_id | display_name |
group by service_name, host_name | display_name , host_name |
group by _group_id, service_name | display_name , service_name |
You can change the search scope for words, phrases, and regexps like this:
host_name:host1 service_name:"hello world" ~foo:bar
Searching over all attributes
Uptrace supports searching over all attribute values using _attrs
scope. For example, the following query will find items with attributes that contain words foo
or bar
:
_attrs:foo|bar
To ensure that Uptrace has a chance to index all attributes, it truncates each attribute value to 80 bytes.
To ensure consistent performance, Uptrace then concatenates all values and truncates the resulting string to 1000 bytes.
Uptrace indexes values it finds in arrays, but ignores maps altogether. To index maps, you can use transformations to extract/flatten map values.