Last updated at Fri, 03 Nov 2017 19:17:08 GMT
We are excited to announce that Logentries’ new SQL-like query language, LEQL, is now available for more advanced analytics and easy extraction of valuable insights from your log data.
A SQL-Like Query Language
If you’ve ever used SQL, LEQL should feel familiar. In fact, Logentries already supports a number of SQL-like search functions, including:
- SUM: Sums a set of values
- COUNT: Counts the number of times a value occurs
- GROUPBY: Groups values by a unique key
- UNIQUE: Enables the count of only unique values
With the rollout of LEQL, we’ll be introducing four new query functions:
- MIN: Calculate the minimum value of a specified key
- MAX: Calculate the maximum value of a specified key
- SORT: Display results sorted either ascending or descending
A Consistent Yet Expressive Syntax
We believe a reliable query language depends on a consistently enforced syntax. For this reason, we’ll be enforcing how queries are structured. Here’s an example of how an old query would change with LEQL:
Old
pages>0 | GroupBY(dbName) | SUM(pages)
New
where(pages>0) groupby (dbName) calculate(SUM:pages)
In this example, pages & dbName are Key names in log events
Notice how the search logic gets wrapped in a where() clause, used for refining your search to return only results that match your search criteria (i.e. where events include the text or Key “pages”.)
groupBy() is an optional clause that enables you to organize your search results into groups by specifying a Key from a Key-Value Pair (i.e. key: value).
Calculations made within your query get utilized in the calculate() clause. When building your query, you no longer need to separate sections with pipes “|”.
Though we believe in the value of a consistent query syntax, we also believe in the importance of giving users an expressive language that is easy to use and delivers expected results. We’re taking the following steps to make LEQL easy to use:
- Outdated saved queries will automatically be converted into LEQL – no effort required
whereclauses will automatically be added to any new query you write- LEQL terms will not be case sensitive
- An updated search bar will provide a query builder and validator
- An updated search bar & query builder
An Updated Search Bar & Query Builder
As we rollout LEQL, we’ll be introducing a new search bar, allowing users to switch between a simple & advanced modes based on their preference.
Simple mode
“Simple mode” provides an easy way to build queries by providing a list of the available functions. Type-Assist will show a list of keys to associate with each functions, or new keys can be typed manually.
Advanced mode
“Advanced mode” will allow users to type their queries manually. Type-Assist will autocomplete key names while the new search bar will automatically validate query syntax.
July 1st Rollout
The LEQL rollout will take place in phases, beginning July 1st and will continue over the next few weeks to update all plans. If you’d like early beta access to LEQL, or have any questions, feel free to reach us at support@logentries.com.
