Skip to main content
Version: 0.13

Log Query (Experimental)

::: warning The log query endpoint feature is currently experimental and may change in future releases. :::

GreptimeDB provides a dedicated HTTP endpoint to query log data. This feature allows you to search and process log entries using a simple query interface. This is an add-on feature to existing GreptimeDB capabilities like SQL queries and Flow computations. You can still use your existing tools and workflows to query log data like before.


POST /v1/logs


Request Format

The request body should be a JSON object (this is subject to change in patch version within the experimental phase). For the latest request format, please refer to the implementation:


This endpoint has the same response format as the SQL query endpoint. Please refer to the SQL query response for more details.


  • Maximum result limit: 1000 entries
  • Only supports tables with timestamp and string columns


The following example demonstrates how to query log data using the log query endpoint (notice that in this experimental phase the following example might be outdated).

curl -X "POST" "http://localhost:4000/v1/logs" \
-H "Content-Type: application/json" \
-d $'
"table": {
"catalog_name": "greptime",
"schema_name": "public",
"table_name": "my_logs"
"time_filter": {
"start": "2025-01-23"
"limit": {
"fetch": 1
"columns": [
"filters": [
"column_name": "message",
"filters": [
"Contains": "production"
"context": "None",
"exprs": []

In this query, we are searching for log entries in the greptime.public.my_logs table that contain the word production in message field. We also specify the time filter to fetch logs in 2025-01-23, and limit the result to 1 entry.

The response will be similar to the following:

"output": [
"records": {
"schema": {
"column_schemas": [
"name": "message",
"data_type": "String"
"rows": [
"Everything is in production"
"total_rows": 1
"execution_time_ms": 30