Query Syntax
DSL Syntax
bash
loq <file> [where <conditions>] [count [by <field>]] [limit <n>]Operators
| Operator | Description | Example |
|---|---|---|
= | Equals | level=error |
!= | Not equals | level!=debug |
> | Greater than | status>400 |
< | Less than | status<500 |
>= | Greater or equal | status>=400 |
<= | Less or equal | status<=299 |
contains | Substring match | message contains "timeout" |
matches | Regex match | path matches "^/api/v[0-9]+" |
Boolean Logic
bash
# AND
loq app.log where level=error and status>=500
# OR
loq app.log where level=error or level=warn
# NOT
loq app.log where not level=debug
# Grouping
loq app.log where "(level=error or level=warn) and status>=500"Time Filters
bash
# After a time
loq app.log after yesterday
# Before a time
loq app.log before today
# Between times
loq app.log between "10:00" and "11:00" todayAggregations
bash
# Count all
loq app.log count
# Count by field
loq app.log count by level
# With filter
loq app.log where status>=400 count by pathSQL Syntax
bash
loq "SELECT * FROM app.log WHERE level='error' LIMIT 10"
loq "SELECT level, COUNT(*) FROM app.log GROUP BY level"
loq "SELECT path, AVG(response_time) FROM access.log GROUP BY path"