欢迎参与 8 月 1 日中午 11 点的线上分享,了解 GreptimeDB 联合处理指标和日志的最新方案! 👉🏻 点击加入

Full-Text Search for Observability Logs-GreptimeDB’s Winning Strategy

GitHub | 🌐 Website | 📚 Docs

💬 Slack | 🐦 Twitter | 💼 LinkedIn

Logs are the lifeblood of modern observability—but sifting through terabytes for that elusive error or high-priority trace? Nobody’s got time for brute-force scans. That’s why a robust full-text search capability is essential for any serious log search database. GreptimeDB, purpose-built for observability logs, offers more than one indexing weapon, including powerful Bloom and Tantivy options for every scenario.

Why Classic “LIKE” Matching Falls Short

  • Traditional log search based on text patterns can slow to a crawl on large datasets.

  • POP quiz: what happens when you need to locate a rare TraceID from billions of log lines? With classic LIKE, the answer is ... a lot of coffee breaks.

GreptimeDB’s Modern Search Arsenal: Bloom vs. Tantivy

GreptimeDB v0.14 brings both broad and targeted search strategies:

  • Bloom Index: Lower storage overhead (1GB for 10GB logs), fast for general log search, steady performance across query types.

  • Tantivy Index: Inverted index approach, near-raw-data storage overhead, ideal for super-selective (TraceID, unique phrase) lookups—up to 5x faster on such queries!

Not sure which to choose? Pick Bloom for general logs and Tantivy where pinpoint accuracy and selectivity matter.

SQL Syntax: Turning Keyword Search Into Child’s Play

sql
SELECT * FROM logs WHERE matches_term(message, 'system failure') OR message @@ 'error';

With SQL-level operators, analysts no longer need to learn a custom query language. Just search, filter, and go.

Real-Life Results: 10x Faster Queries, Lower Cost

  • OB Cloud’s migration from Loki to GreptimeDB for logs cut response times by an order of magnitude—timeout-prone queries now finish in under a second.

  • Storage costs dropped 30% thanks to Bloom index minimization.

FAQ: Can I Index Structured Fields for Speed?

  • Yes! Pull structured info (like statusCode or cluster) into separate columns, and index those too for dramatic speed-ups on filter queries.

Wrapping Up: Upgrade Your Observability Log Searches

Full-text search in the age of observability means combining fast keyword matching, sensible indexes, and a query experience built for real-world developers. If GreptimeDB’s dual-index model sounds like what your ops team’s been craving, check out live demos or the documentation and get your logs under control.

加入我们的社区

获取 Greptime 最新更新,并与其他用户讨论。