| SPDX-FileCopyrightText | SPDX-License-Identifier | title | author | footer | description |
|---|---|---|---|---|---|
| © 2023 Menacit AB <[email protected]> | CC-BY-SA-4.0 | Logging course: Alternative query languages | Joel Rangsmo <[email protected]> | © Course authors (CC BY-SA 4.0) | Introduction to different query/filtering languages in logging course |

Through plugins, OpenSearch provides several different query languages besides Lucene for querying and aggregating documents.
Let's have a look at these!
Dashboards Query Language (DQL).
Default option in OpenSearch Dashboards.
Aims to simplify common use-cases for data filtering.
```
# Search for documents containing
# specified string in username field
user:mallory

# Combine multiple search terms using
# conditional statements and make use
# of wildcards and numeric filters
hostname:db-*.int.example.org and (log_level >= 5 or type:exception)
```
Piped Processing Language (PPL).
Comfortable for UNIX power-users and veterans of Splunk/Logpoint.
Supports easy runtime field creation.
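
A PPL pipeline that applies the same filter as the DQL example above and then creates a field at query time with `eval`. This is an added example, not part of the original slides; the index name `logs`, the `severity` field and the threshold of 7 are assumptions.

```ppl
// Added example: the index name "logs" is an assumption
source = logs
// Same filter as the DQL query; backticks quote the field name
| where like(hostname, 'db-%.int.example.org')
    and (log_level >= 5 or `type` = 'exception')
// Runtime field: computed for this result set only, nothing is reindexed
// (the threshold 7 is an assumed cut-off, not a value from the slides)
| eval severity = if(log_level >= 7, 'critical', 'elevated')
// Aggregate per host and severity, noisiest hosts first
| stats count() as events by hostname, severity
| sort - events
| head 20
```

If your OpenSearch version rejects `//` comments in PPL, remove them before running the query.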
Structured Query Language (SQL).
Many developers and sysadmins are already proficient in SQL, making it a great option.
If you wanna learn more, check out the OpenSearch documentation for DQL and SQL/PPL.