Logs Explorer Query Syntax

Use queries to filter, combine, and visualize logs with precision. This page covers common syntax you can use in day-to-day investigations, plus a few ready-to-edit examples.

---

info

Plain text searches will only match against the log message field, not the entire log body.

Basics

Property Prefixes

Prefix	Description	Example
@property	Event or log properties	@status:"error"
#property	Reserved properties	#custom_event:"shopping_cart_opened"
$user	User identifiers	$stableID:"abcdef"
none	User properties	tier:prod

Logical Operators

These are query-level connectors. They combine or negate multiple conditions.

Operator	Description	Example
AND (case sensitive)	Match all conditions	level:error AND service:api-gateway
OR (case sensitive)	Match any condition	level:error OR level:warn
!= or !:	Exclude a condition	status!:error OR service!:api-gateway

Other Operators

These are field-level conditions.

Operator	Description	Example
: or =	equals	status_code:200 or status_code=200
!= or !:	not equals	level!:=debug or level!=debug
> <	greater/less than	latency_ms:>500 or latency_ms<1000
>= <=	greater/less or equal	latency_ms:>=500 or latency_ms<=2000

Wildcard Search

You can use the * character as a wildcard in queries. A wildcard matches zero or more characters inside a field value.
🐌 Wildcards can impact the performance of your query, so use them sparingly.

Examples

Query	Description	Matches
@"log.file.path":"/logs/pods/*"	Path begins with /logs/pods/	/logs/pods/1234/stdout.log
@"log.file.path":"*/logs/pods/"	Path ends with /logs/pods/	/mnt/storage/logs/pods/
service:"api-*"	Services with names starting with api-	api-gateway, api-auth
@route:"*products/*"	Page routes containing the string products/	shopify.com/products/tshirts, shopify.com/cart/products/view
@message!:""	Return logs where the message field is not null	any log that has a message field