FuseQL Search Operators

FuseQL search operators enable both regular and advanced log search (after you choose the Advanced Search option). The language specifies the following syntactical rules:

The search operator must appear before the first pipe (|) symbol in the query expression.
All other operators must follow a valid search expression.

and, and: Intersection operator (AND logic) between two search operators. Selects results that satisfy both conditions.

or, or: Union operator (OR logic) between two search operators. Selects results that satisfy either or both conditions.

equal, =: Searches for specified value; exact match.

not equal, !=: Searches for values other than the specified value; exact match.

greater than, >: Searches for values that are greater than the specified number.

greater than or equal, >=: Searches for values that are greater than or equal to the specified number.

less than, <: Searches for values that are less than the specified number.

less than or equal, <=: Searches for values that are less than or equal to the specified number.

regex, =~: Searches for results that match a specific character pattern.

not regex, !~: Searches for results that do not match a specific character pattern.

terms exist, term: Searches to match a specific term; limited to one word.

not terms exist, !term: Searches to exclude a specific term; limited to one word.

grep, "grep": Searches for a specific expression (multi-word string) in the log message body.

not grep, !"grep": Searches to exclude a specific expression (multi-word string) in the log message body.

starts with, *~: Searches for labels or facets where the value begins with the specified string.

ends with, ~*: Searches for labels or facets where the value ends with the specified string.

contains, **: Searches for labels or facets where the value contains the specified string.

key exists: Searches for the presence of a specific facet, regardless of its value.

and, `and`

Intersection operator (AND logic) between two search operators. Selects results that satisfy both conditions.

Syntax

There is a difference in syntax for the operator between regular search and advanced search.

Regular search
Advanced search

facetName1="value1" facetName2="value2"

@facetName1="value1" and @facetName2="value2"

Example

and operator for facet

Regular search
Advanced search

level="info" header="map"

@level="info" and @header="map"

or, `or`

Union operator (OR logic) between two search operators. Selects results that satisfy either or both conditions.

Syntax

There is a difference in syntax for the operator between regular search and advanced search.

Regular search
Advanced search

@facet=”valueA OR valueB”

@facet=”valueA” or @facet=”valueB”

Example

or operator for facet

Regular search
Advanced search

level="info OR warning"

@level="info" or @level="warning"

equal, `=`

Searches for specified value; exact match.

Syntax

label="value"
@facetName="value”

Example

equal operators with facet and label

@http_request_method="POST" and source="nginx"

not equal, `!=`

Searches for values other than the specified value; exact match.

Syntax

label!="value"
@facetName!="value”

Example

not equal operators with facet and label

@facetName!="pinot-server" and level!="info"

greater than, `>`

Searches for values that are greater than the specified number.

Syntax

@facetName>number

Example

greater than operator with facet

@status_1>300 and source="logs-query-service"

greater than or equal, `>=`

Searches for values that are greater than or equal to the specified number.

Syntax

@facetName>=number

Example

greater than or equal operator with facet

@status_1>=200 and source="logs-query-service"

less than, `<`

Searches for values that are less than the specified number.

Syntax

@facetName<number

Example

less than operator with facet

@status_1<500 and source="logs-query-service"

less than or equal, `<=`

Searches for values that are less than or equal to the specified number.

Syntax

@facetName<=number

Example

less than or equal operator with facet

@status_1<=700 and source="logs-query-service"

regex, `=~`

Searches for results that match a specific character pattern.

Syntax

label=~”value”
@facetName=~"value”

Example

regex operator with label and facet

availability_zone=~"us" and @partition=~"metadata"

not regex, `!~`

Searches for results that do not match a specific character pattern.

Syntax

label!~”value”
@facetName!~"value”

Example

not regex operator with facet

availability_zone=~"west" and @partition=!~"metadata"

terms exist, `term`

Searches to match a specific term; limited to one word.

Syntax

term

Example

term exist

container

fuseql terms exist

not terms exist, `!term`

Searches to exclude a specific term; limited to one word.

Syntax

!term

Example

no term exist

!container

grep, `"grep"`

Searches for a specific expression (multi-word string) in the log message body.

Syntax

"expression"

Example

grep expression

"forward NR traces payload"

not grep, `!"grep"`

Searches to exclude a specific expression (multi-word string) in the log message body.

Syntax

!"expression"

Example

not grep expression

!"forward NR traces payload"

facet terms exist, `==`

Searches to match a specific facet and its value.

@facet==”value”

facet terms exist

@traceFlags=="1"

facet terms not exist, `!==`

Searches to exclude a specific facet and its value.

@facet!==”value”

facet terms not exist

@traceFlags!=="1"

starts with, `*~`

Searches for labels or facets where the value begins with the specified string.

Syntax

label*~”value”
@facet*~”value”

Example

starts with operator for facet and label

kube_container_name*~"recommendation" and @trace_sampled*~"T"

ends with, `~*`

Searches for labels or facets where the value ends with the specified string.

Syntax

label~*”value”
@facet~*”value”

Example

ends with operator for facet and label

@resource_service_name~*"service" and agent~*"dog"

contains, `**`

Searches for labels or facets where the value contains the specified string.

Syntax

label**”value”
@facet**”value”

Example

contains operator for facet and label

@ids**"9SIQT8TOJO" and kube_deployment**"otel"

key exists

Searches for the presence of a specific facet, regardless of its value.

Syntax

There is a difference in syntax for the operator between regular search and advanced search.

Regular search
Advanced search

key exists = “facet”

@facet

Example

key exists operator for facet

Regular search
Advanced search

key exists="user_agent_original"

@user_agent_original

FuseQL Search Operators

and, and

Syntax

Example

or, or

Syntax

Example

equal, =

Syntax

Example

not equal, !=

Syntax

Example

greater than, >

Syntax

Example

greater than or equal, >=

Syntax

Example

less than, <

Syntax

Example

less than or equal, <=

Syntax

Example

regex, =~

Syntax

Example

not regex, !~

Syntax

Example

terms exist, term

Syntax

Example

not terms exist, !term

Syntax

Example

grep, "grep"

Syntax

Example

not grep, !"grep"

Syntax

Example

facet terms exist, ==

Syntax

Example

facet terms not exist, !==

Syntax

Example

starts with, *~

Syntax

Example

ends with, ~*

Syntax

Example

contains, **

Syntax

Example

key exists

Syntax

Example

and, `and`

or, `or`

equal, `=`

not equal, `!=`

greater than, `>`

greater than or equal, `>=`

less than, `<`

less than or equal, `<=`

regex, `=~`

not regex, `!~`

terms exist, `term`

not terms exist, `!term`

grep, `"grep"`

not grep, `!"grep"`

facet terms exist, `==`

facet terms not exist, `!==`

starts with, `*~`

ends with, `~*`

contains, `**`