このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Overview
Each Datadog product offers unique search capabilities optimized for its use case. This page provides a comprehensive index of product-specific search syntax resources to help you find the right documentation for your needs.
Search syntax families
There are two main families of search syntaxes across Datadog products:
Metrics-based syntax: Used by Metrics and Cloud Cost Management for time-series data queries with tag-based filtering and aggregation.
Event-based syntax: Used by Log Management and adopted by most other Datadog products including traces, RUM, CI/CD, and more. This syntax provides flexible faceted search with boolean operators and pattern matching.
Metrics
Metrics use a specialized metrics-based syntax for filtering and aggregating time-series data.
For more information, see Advanced Filtering.
Key capabilities
- Tag-based filtering with boolean logic (
AND, OR, NOT) or symbolic operators (&&, ||, !) - Wildcard matching on metric names and tag values
- Aggregation by multiple tag dimensions
- Template variable filtering for dynamic dashboards
- Metric namespace filtering for organized queries
- Case-sensitive matching for metric names
# Filter metrics by tag
system.cpu.idle{host:prod-*}
# Boolean operators for tag filtering
avg:system.cpu.user{env:staging AND (availability-zone:us-east-1a OR availability-zone:us-east-1c)} by {availability-zone}
# Combine multiple tag filters
system.disk.used{env:production,datacenter:us-east-1}
# Wildcard filtered query
avg:system.disk.in_use{!device:/dev/loop*} by {device}
# Wildcard matching on tags
aws.ec2.cpuutilization{instance-type:t3.*}
# Exclude specific tags
system.mem.used{env:production AND NOT service:test}
Logs
Log Management uses event-based search syntax, serving as the foundation for many other products’ search capabilities.
For a complete reference for log search operators, wildcards, facets, and advanced queries, see Log Search Syntax.
Key capabilities
- Full-text search across log messages with wildcards and phrase matching
- Structured faceted search on attributes (tags, custom fields, standard attributes)
- Pattern detection and extraction using parsing patterns
- Advanced boolean operators (AND, OR, NOT) and grouping
- Range queries for numerical values and timestamps
# Search for error messages containing "timeout"
status:error "timeout"
# Query HTTP errors with status codes 500-599
@http.status_code:[500 TO 599]
# Combine multiple conditions
service:web-api env:(production OR dev) AND @duration:>1000
# Wildcard search for specific services
service:payment-* AND status:error
# Exclude specific values
env:production NOT service:background-worker
Traces
APM and Distributed Tracing use event-based search syntax for querying spans and traces.
To learn more about querying spans and traces with service, resource, and tag filters, see Trace Query Syntax.
Key capabilities
- Query spans by service, operation, and resource name
- Filter by trace-level and span-level tags
- Search across distributed traces spanning multiple services
- Duration-based queries for performance analysis
- Error tracking with status codes and error messages
# Find errors in a specific service
service:payment-api status:error
# Query by resource and HTTP method
resource_name:"/api/v1/checkout" @http.method:POST
# Search for slow traces
service:web-api* @duration:>1s
# Trace queries across service dependencies
@span.parent.service:frontend service:backend
# Filter by custom span tags
service:database @db.statement:"SELECT *" @db.row_count:>1000
Additional product-specific resources
Product-specific search syntax documentation for additional Datadog products:
Further reading
