On this page

Query Syntax for Logs Explorer

Filter, group, and visualize logs with precision.

This page covers common syntax you can use in day-to-day investigations, plus a few ready-to-edit examples.

Plain text searches will only match against the log message field, not the entire log body.

Basics

Property prefixes

PrefixDescriptionExample
@propertyEvent or log properties@traceId:"1a3cg5"
#propertyReserved properties#custom_event:"shopping_cart_opened"
$userUser identifiers$stableID:"abcdef"
noneUser propertiestier:prod

Logical operators

These are query-level connectors. They combine or negate multiple conditions.

OperatorDescriptionExample
AND (case sensitive)Match all conditionslevel:error AND service:api-gateway
OR (case sensitive)Match any conditionlevel:error OR level:warn
!= or !:Exclude a conditionstatus!:error OR service!:api-gateway

Other operators

These are field-level conditions.

OperatorDescriptionExample
: or =equalsstatus_code:200 or status_code=200
!= or !:not equalslevel!:debug or level!=debug
> <greater/less thanlatency_ms>500 or latency_ms<1000
>= <=greater/less or equallatency_ms>=500 or latency_ms<=2000

You can use the * character as a wildcard in queries. A wildcard matches zero or more characters inside a field value.

Wildcards can impact query performance. Use them sparingly.

Additional examples

QueryDescriptionMatches
@"log.file.path":"/logs/pods/*"Path begins with /logs/pods//logs/pods/1234/stdout.log
@"log.file.path":"*/logs/pods/"Path ends with /logs/pods//mnt/storage/logs/pods/
service:"api-*"Services with names starting with api-api-gateway, api-auth
@route:"*products/*"Page routes containing the string products/shopify.com/products/tshirts, shopify.com/cart/products/view
@message!:""Return logs where the message field is not nullany log that has a message field

Was this helpful?