Query Syntax

The Loguro filter bar is a mini human friendly query language and command executor. It handles simple text searches, structured field filters, time ranges, command-style analytics, platform commands like --download --download:list or --task:jira --send:slack#team ant many more — all in a single input.

Text search

Type anything to search across log messages:

message:"auth failed"

Level filters

Filter by one or more log levels:

level:error
level:error|warning
!level:debug

The | operator means OR. The ! prefix negates (exclude that level).

Message filters

Match against the message field. Multiple terms are OR-ed together:

message:"timeout"
message:"db error"|"cache miss"
!message:"healthcheck"

Trace ID

Find all logs belonging to a distributed trace:

trace:"abc123def456"
trace:"id1"|"id2"
!trace:"abc123"

Context filters

Any key inside the context object is filterable using dot notation:

context.userId:42
context.env:"production"
context.gateway:"stripe"
!context.env:"staging"

For context keys that contain dots, use bracket notation:

context.svc["k.with.dot"]:value

Time ranges

Use shorthand labels for common windows:

@today
@last-24h
@last-7d
@last-1h

Or specify explicit boundaries:

from:2026-01-01 with time: from:2026-01-01:10:05 to:2026-01-01:15:30
to:2026-03-31
from:2026-01-01 to:2026-03-31
from:"3 days ago" to:"yesterday at 10:00"

Command flags

Commands start with -- and trigger analytics or actions.

Count

--count

Shows the total number of logs matching your current filters.

Presets

Quick level presets expand to the full filter:

--errors
--warn
--debug
--info
--critical

Time presets:

--today
--last-1h
--last-7d

Top values

Find the most common values for any field:

--top:level
--top:context.status
--top:context.gateway

Unique values

Count distinct values for a field:

--unique:context.userId
--unique:context.region

Slow requests

Find logs where context.duration exceeds a threshold (default 1000ms):

--slow
--slow:500

Rate

Display log rate over time (logs per minute):

--rate

Sample

Randomly pick N logs from the matching result set:

--sample
--sample:25

Memory

Switch the log source to forever memory — logs saved when creating issues, which survive your plan’s retention window:

--memory
message:"payment failed" --memory
--memory --count

See Memory & Forever Logs for details.

Download

Export matching logs as a file:

--download
--download:csv
--download:list

Downloads default to Parquet format. --download:csv enforces CSV output.

Combining filters

All filters compose with AND semantics by default. The following finds error logs from Stripe in the last 24 hours:

level:error context.gateway:stripe @last-24h --count

Add --top:context.errorCode to see which error codes are most common:

level:error context.gateway:stripe @last-24h --top:context.errorCode

Saved views

Save any filter query as a named view from the bookmark icon in the filter bar. Use #slug to expand a saved view inline:

#stripe-errors

Or reference it explicitly:

--view:stripe-errors

To save a view you can write your filters and include the save command.

level:error context.gateway:stripe @last-24h --save:<name>

Pipe chains

Use > to chain two commands in sequence. The left side executes first, then the right side runs with its result.

--project::create > --keys::create:prod

This creates a new project, then immediately creates an API key named prod scoped to it.

--task:linear > --send:discord

Creates a Linear issue from the current log context, then sends a Discord notification.

Chains are evaluated left-to-right. The > operator passes context between commands — the right side receives the output of the left.

// related

See also

features

Saved Views

Save and reuse filter queries as named views across your project.

features/saved-views
commands

--alerts

Create and manage project alerts from the filter bar.

commands/alerts