Released at 2025-09-03
- FEATURE: LogsQL: add
splitpipe for splitting log fields by the given separator. It is useful for parsing CSV or tab-separated data stored in log values. - FEATURE: LogsQL: add
running_statspipe for calculating running sum, running min, running max and running count over query results. - FEATURE: LogsQL: add
total_statspipe for calculating global sum, global min, global max and global count over query results. - FEATURE: LogsQL: add an ability to sort logs returned by
json_valuesstats function via... | stats json_values() sort by (...)syntax. The sorting can be combined with thelimit Nin order to get top N logs. For example, the following query returns up to 3 the most recent logs per everyhostover the last 5 minutes:_time:5m | stats json_values() sort by (_time desc) limit 3 as last_3_host_logs. - FEATURE: LogsQL: return errors on typical incorrectly written queries. For example,
foo=~"bar",foo~="bar",foo=bar,foo!=bar,foo>bar,foo==bar, etc. See #590. - FEATURE: LogsQL: add substring filter, which searches for logs containing the given substring. Previously the regexp filter was used instead of substring filter. The downside of the regexp filter is that it needs proper escaping of special regexp chars.
- FEATURE: querying: expose
vl_storage_per_query_found_rowshistogram at/metricspage, which shows the number of log entries found per each query.