Query language
New Relic Lucene

New Relic Lucene

New Relic's log query language is based on Lucene (opens in a new tab) syntax, designed to allow fast and flexible search through log data.

Grepr supports a subset of the New Relic Lucene query language. This guide outlines the key differences between Grepr’s implementation and the full New Relic Lucene syntax.

For the full New Relic query language, refer to the New Relic documentation (opens in a new tab).

✅ Supported Behavior

Grepr supports a simplified form of text and field-based search:

  • Text search (default field)
    Simple unqualified text searches (e.g., error) are matched only against the message field.

  • Field-based search
    Grepr allows searching specific fields using field:value syntax. These fields map to:

    • attributes.field:value
    • tags.field:value

    In practice, field:value is equivalent to:

    attributes.field:value OR tags.field:value

  • Logical operators Boolean operators AND and OR can be used to combine multiple conditions:

    error AND warning           # Both "error" and "warning" must be present in message
error OR warning            # Either "error" or "warning" must be present in message
status:500 AND error        # Status code is 500 and message contains "error"

  • Explicit attribute and tag search
    You can explicitly search attributes and tags using:

    attributes.attrKey:value
tags.tagKey:value

  • Existence operators The has: and missing: operators check for the presence or absence of fields:

    has:field          # field exists
missing:field      # field does not exist

  • Negation operators The - prefix can be used to negate queries:

    -field:value        # Field does not equal value
-error              # Message does not contain "error"

  • Numeric comparisons Comparison operators such as >, <, >=, <= are supported on numerical fields:

    field:>30                     # Field value greater than 30
field:<10                     # Field value less than 10
field:>=30                    # Field value greater than or equal to 30
field:<=10                    # Field value less than or equal to 10

    Refer to the Grepr processing model for more about how attributes and tags are handled.

🚫 Unsupported Features

Grepr does not support the following features of the New Relic Lucene language:

  • Proximity and fuzzy searches
    Queries like "error crash"~3 or hello~2 are not supported.

  • Range searches
    Syntax like field:[value1 TO value2] is not supported. Instead, use numeric comparisons (e.g., field:>10 AND field:<20).

ℹ️ Note: Some supported features may change or expand over time. This document will be updated accordingly as Grepr evolves.

Grepr Processing ModelNRQL