Explore logs with SQL

Quickly explore and visualize your logs to debug issues and discover patterns.

Want a full dashboard with multiple charts and alerts?

Dashboards: Put multiple charts on a dashboard to get an overview of your apps and services.
Faster charts: Dashboards use Logs to metrics to load weeks of logs in seconds.
Alerts: Set up alerts for errors and latencies of your apps.

Getting started

Start exploring your logs in Explore logs → Create query. Select Log SQL expression. Use the following Log SQL expression:

Query for number of logs with level

Copied!

WITH 
  JSONExtract(json, 'level', 'Nullable(String)') AS `level`
SELECT
  {{time}} as time,
  count(*) as value
FROM {{source}}
WHERE time BETWEEN {{start_time}} AND {{end_time}}
GROUP BY time, level

Dashboard queries use ClickHouse SQL, which is largely similar to ANSI SQL you’re likely familiar with. In the SQL query above, we leverage the JSONExtractString() ClickHouse function.

Use JSONExtractString() to access any field in your logs. E.g. extract fields:

JSONExtract(json, 'level', 'Nullable(String)') accesses level field

You can extract nested fields:

JSONExtract(json, 'context', 'request', 'status', 'Nullable(String)') accesses context.request.status field

In the query above, we use count(*) to get the number of logs for each level.

On top of SQL, dashboard queries feature variables like {{source}} or {{time}}. Variables conveniently insert selected source, current time range, and other selected values into your queries. Read more about query variables.

Explore documentation

Explore logs with SQL

Want a full dashboard with multiple charts and alerts?

Getting started

On this page