Search operators

FuseQL search operators enable both regular and advanced log search (after you choose the Advanced Search option). The language specifies the following syntactical rules:

  • The search operator must appear before the first pipe (|) symbol in the query expression.

  • All other operators must follow a valid search expression.

    and

    Intersection operator (AND logic) between two search operators. Selects results that satisfy both conditions.

    or

    Union operator (OR logic) between two search operators. Selects results that satisfy either or both conditions.

    equal, =

    Searches for specified value; exact match.

    not equal, !=

    Searches for values other than the specified value; exact match.

    greater than, >

    Searches for values that are greater than the specified number.

    greater than or equal, >=

    Searches for values that are greater than or equal to the specified number.

    less than, <

    Searches for values that are less than the specified number.

    less than or equal, <=

    Searches for values that are less than or equal to the specified number.

    regex, =~

    Searches for results that match a specific character pattern.

    not regex, !~

    Searches for results that do not match a specific character pattern.

    terms exist, term

    Searches to match a specific term; limited to one word.

    not terms exist, !term

    Searches to exclude a specific term; limited to one word.

    grep, "grep"

    Searches for a specific expression (multi-word string) in the log message body.

    not grep, !"grep"

    Searches to exclude a specific expression (multi-word string) in the log message body.

    facet terms exist, ==

    Searches to match a specific facet and its value.

    facet terms not exist, !==

    Searches to exclude a specific facet and its value.

    starts with, *~

    Searches for labels or facets where the value begins with the specified string.

    ends with, ~*

    Searches for labels or facets where the value ends with the specified string.

    contains, **

    Searches for labels or facets where the value contains the specified string.

    key exists

    Searches for the presence of a specific facet, regardless of its value.

and, and

Intersection operator (AND logic) between two search operators. Selects results that satisfy both conditions.

Syntax

There is a difference in syntax for the operator between regular search and advanced search.

facetName1="value1" facetName2="value2"
text
Example

.and operator for facet

level="info" header="map"
text
fuseql and advanced

or, or

Union operator (OR logic) between two search operators. Selects results that satisfy either or both conditions.

Syntax

There is a difference in syntax for the operator between regular search and advanced search.

@facet=”valueA OR valueB”
text
Example
or operator for facet
level="info OR warning"
text
fuseql or regular

equal, =

Searches for specified value; exact match.

Syntax
label="value"
@facetName="value”
text
Example
equal operators with facet and label
@http_request_method="POST" and source="nginx"
text
equal example with facet and label

not equal, !=

Searches for values other than the specified value; exact match.

Syntax
label!="value"
@facetName!="value”
text
Example
not equal operators with facet and label
@facetName!="pinot-server" and level!="info"
text
not equal operator with facet and label

greater than, >

Searches for values that are greater than the specified number.

Syntax
@facetName>number
text
Example
greater than operator with facet
@status_1>300 and source="logs-query-service"
text
fuseql greater

greater than or equal, >=

Searches for values that are greater than or equal to the specified number.

Syntax
@facetName>=number
text
Example
greater than or equal operator with facet
@status_1>=200 and source="logs-query-service"
text
fuseql greater equal

less than, <

Searches for values that are less than the specified number.

Syntax
@facetName<number
text
Example
less than operator with facet
@status_1<500 and source="logs-query-service"
text
fuseql less

less than or equal, <=

Searches for values that are less than or equal to the specified number.

Syntax
@facetName<=number
text
Example
less than or equal operator with facet
@status_1<=700 and source="logs-query-service"
text
fuseql less equal

regex, =~

Searches for results that match a specific character pattern.

Syntax
label=~”value”
@facetName=~"value”
text
Example
regex operator with label and facet
availability_zone=~"us" and @partition=~"metadata"
text
fuseql regex

not regex, !~

Searches for results that do not match a specific character pattern.

Syntax
label!~”value”
@facetName!~"value”
text
Example
not regex operator with facet
availability_zone=~"west" and @partition=!~"metadata"
text
fuseql not regex

terms exist, term

Searches to match a specific term; limited to one word.

Syntax
term
text
Example
term exist
container
text

fuseql terms exist

not terms exist, !term

Searches to exclude a specific term; limited to one word.

Syntax
!term
text
Example
no term exist
!container
text
fuseql not terms exist

grep, "grep"

Searches for a specific expression (multi-word string) in the log message body.

Syntax
"expression"
text
Example
grep expression
"forward NR traces payload"
text
fuseql grep

not grep, !"grep"

Searches to exclude a specific expression (multi-word string) in the log message body.

Syntax
!"expression"
text
Example
not grep expression
!"forward NR traces payload"
text
fuseql not grep

facet terms exist, ==

Searches to match a specific facet and its value.

Syntax
@facet==”value”
text
Example
facet terms exist
@traceFlags=="1"
text
fuseql facet terms exist

facet terms not exist, !==

Searches to exclude a specific facet and its value.

Syntax
@facet!==”value”
text
Example
facet terms not exist
@traceFlags!=="1"
text
fuseql facet terms not exist

starts with, *~

Searches for labels or facets where the value begins with the specified string.

Syntax
label*~”value”
@facet*~”value”
text
Example
starts with operator for facet and label
kube_container_name*~"recommendation" and @trace_sampled*~"T"
text
fuseql starts with

ends with, ~*

Searches for labels or facets where the value ends with the specified string.

Syntax
label~*”value”
@facet~*”value”
text
Example
ends with operator for facet and label
@resource_service_name~*"service" and agent~*"dog"
text
fuseql ends with

contains, **

Searches for labels or facets where the value contains the specified string.

Syntax
label**”value”
@facet**”value”
text
Example

.contains operator for facet and label

@ids**"9SIQT8TOJO" and kube_deployment**"otel"
text

+ image::fuseql-contains.svg[]

key exists

Searches for the presence of a specific facet, regardless of its value.

Syntax

There is a difference in syntax for the operator between regular search and advanced search.

key exists = “facet”
text
Example
key exists operator for facet
key exists="user_agent_original"
text
fuseql key exists regular