Write a Lucene query | Grafana Labs

Write a Lucene query

Elasticsearch uses Lucene query syntax for searching log data. Lucene queries let you search for specific terms, filter by fields, and combine conditions using boolean operators. Understanding basic Lucene syntax enables you to quickly find the logs you need for troubleshooting.

In this milestone, you’ll write Lucene queries to search and filter your Elasticsearch logs.

To write a Lucene query to search your logs, complete the following steps:

In the query editor, locate the Lucene Query field (the text input area).
Enter a search term or field-based query.
For example, enter error to find all logs containing the word “error”.
Click Run query or press Shift + Enter to execute the query.
Review the log results displayed below the query editor.
(Optional) Refine your query using field-specific syntax.
For example, enter level:error to filter logs where the level field equals “error”.
(Optional) Combine conditions using boolean operators (AND, OR, NOT).
For example, enter level:error AND service:api to find error logs from the api service.

Note
Boolean operators must be uppercase: AND, OR, NOT. Lowercase versions are not supported by Lucene query syntax.

Log entries matching your query appear in the results panel, showing timestamps, log levels (color-coded), and message content.

In the next milestone, you’ll configure the log display options to enhance how your logs are visualized.

More to explore (optional)

At this point in your journey, you can explore the following paths:

Lucene query syntax

Query string syntax

Select Logs query type

page 5 of 9

Configure log display

page 5 of 9