Skip to Content
Query languageNew Relic Lucene

Query log data using New Relic Lucene

New Relic’s log query language is based on Lucene  syntax, designed to allow fast and flexible search through log data.

Grepr supports a subset of the New Relic Lucene query language. This guide outlines the key differences between Grepr’s implementation and the full New Relic Lucene syntax.

For the full New Relic query language, refer to the New Relic documentation .

Supported behavior

Grepr supports a simplified form of text and field-based search:

  • Text search (default field) Simple unqualified text searches (e.g., error) are matched only against the message field.

  • Field-based search Grepr allows searching specific fields using field:value syntax. By default, these will search in attributes only, unless the field name starts with tags..

  • Logical operators Boolean operators AND and OR can be used to combine multiple conditions with - to negate conditions. Examples:

    error AND warning           # Both "error" and "warning" must be present in message
error OR warning            # Either "error" or "warning" must be present in message
status:500 AND error        # Status code is 500 and message contains "error"
-req.status:200 AND error   # req.status is not 200 and message contains "error"

  • Existence operators The has: and missing: operators check for the presence or absence of field keys:

    has:field          # field exists
missing:field      # field does not exist

  • Negation operators The - prefix can be used to negate queries:

    -field:value        # Field does not equal value
-error              # Message does not contain "error"

  • Numeric comparisons Comparison operators such as >, <, >=, <= are supported on numerical fields:

    field:>30                     # Field value greater than 30
field:<10                     # Field value less than 10
field:>=30.0                  # Field value greater than or equal to 30.0
field:<=-10                   # Field value less than or equal to -10

    Refer to the Grepr processing model for more about how attributes and tags are handled.

  • Range searches Use syntax like field:[value1 TO value2] to search for values in ranges:

    field:[10 TO 20]              # Field value between 10 and 20 inclusive
field:{10 TO 20}              # Field value between 10 and 20 exclusive
field:[* TO 100]              # Field value less than or equal to 100

Limitations

Grepr does not support the following features of the New Relic Lucene language:

  • Proximity and fuzzy searches Queries like "error crash"~3 or hello~2 are not supported.
Last updated on
OverviewNRQL