Overview

A query filter is composed of terms and operators.

There are two types of terms:

  • A single term is a single word such as pipeline or hello.

  • A sequence is a group of words surrounded by double quotes, such as "hello dolly".

To combine multiple terms into a complex query, you can use any of the following case sensitive Boolean operators:

OperatorDescriptionExample
ANDIntersection: both terms are in the selected events (if nothing is added, AND is taken by default)authentication AND failure
ORUnion: either term is contained in the selected eventsauthentication OR password
-Exclusion: the following term is NOT in the event (apply to each individual raw text search)authentication AND -password

Search on attributes and tags

You are not required to define a facet in order to search on attributes and tags. To search on a specific attribute, add @ to specify you are searching on an attribute. Attributes searches are case sensitive. Use free text search to get case insensitive results.

For example, if you are interested in the git.repository.id attribute and you want to filter on the value Datadog/documentation, use @git.repository.id:"github.com/Datadog/documentation".

Searching for an attribute value that contains special characters requires escaping or double quotes. For example, for an attribute my_attribute with the value hello:world, search using: @my_attribute:hello\:world or @my_attribute:"hello:world".

To match a single special character or space, use the ? wildcard. For example, for an attribute my_attribute with the value hello world, search using: @my_attribute:hello?world.

For more information about tags, see Using Tags.

Wildcards

Multi-character wildcard

To perform a multi-character wildcard search, use the * symbol as follows:

  • service:web* matches every log message that has a service starting with web.
  • web* matches all log messages starting with web.
  • *web matches all log messages that end with web.

Wildcard searches work within tags and attributes (faceted or not) with this syntax.

Search wildcard

When searching for an attribute or tag value that contains special characters or requires escaping or double quotes, use the ? wildcard to match a single special character or space. For example, to search for an attribute my_attribute with the value hello world: @my_attribute:hello?world.

Numerical values

In order to search on a numerical attribute, first add it as a facet. You can then use numerical operators (<,>, <=, or >=) to perform a search on numerical facets.

For example, to retrieve all pipeline executions that have a duration of over one week, use: @duration:>=7days.

Tags

Your pipeline executions inherit tags from hosts and integrations that generate them. They can be used in the search and as facets as well:

  • pipeline is searching for the string “pipeline”.
  • env:(prod OR pipeline) matches all pipeline executions with the tag env:prod or the tag env:pipeline.
  • (env:prod AND -version:beta) matches all pipeline executions that contain tag env:prod and that do not contain tag version:beta.

If your tags don’t follow tags best practices and don’t use the key:value syntax, use this search query: tags:<MY_TAG>.

Further reading

Additional helpful documentation, links, and articles:

PREVIEWING: piotr_wolski/update-dsm-docs