
Full-Text Search for Observability Logs: GreptimeDB’s Winning Strategy

GreptimeDB revolutionizes observability log searches with dual Bloom/Tantivy indexing strategy, delivering 10x faster queries and 30% lower storage costs while enabling SQL-powered full-text search.


Logs are the lifeblood of modern observability—but sifting through terabytes for that elusive error or high-priority trace? Nobody’s got time for brute-force scans. That’s why a robust full-text search capability is essential for any serious log search database. GreptimeDB, purpose-built for observability logs, offers more than one indexing weapon, including powerful Bloom and Tantivy options for every scenario.

Why Classic “LIKE” Matching Falls Short

  • Traditional log search based on text patterns can slow to a crawl on large datasets.

  • Pop quiz: what happens when you need to locate a rare TraceID among billions of log lines? With classic LIKE, the answer is ... a lot of coffee breaks.

GreptimeDB’s Modern Search Arsenal: Bloom vs. Tantivy

GreptimeDB v0.14 brings both broad and targeted search strategies:

  • Bloom Index: Lower storage overhead (1GB for 10GB logs), fast for general log search, steady performance across query types.

  • Tantivy Index: Inverted index approach, near-raw-data storage overhead, ideal for super-selective (TraceID, unique phrase) lookups—up to 5x faster on such queries!

Not sure which to choose? Pick Bloom for general logs and Tantivy where pinpoint accuracy and selectivity matter.
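
The trade-off between the two index types, as an added sketch that is not GreptimeDB's code or part of the original post: a per-segment Bloom filter can only rule segments out, so surviving segments are still scanned, while an inverted index maps a term straight to its rows. The log lines, segment size and filter parameters are constructed for illustration.

```python
import hashlib
import re

# Constructed sample data: 400 log lines, one carrying a rare trace id.
LOGS = [f"INFO request ok trace={i:04x}" for i in range(400)]
LOGS[137] = "ERROR system failure trace=beef"
SEGMENT_ROWS, BLOOM_BITS, BLOOM_HASHES = 50, 2048, 3  # illustrative sizes

def tokens(line):
    return re.findall(r"[a-z0-9]+", line.lower())

def bloom_mask(term):
    # Derive BLOOM_HASHES bit positions from one SHA-256 digest of the term.
    digest = hashlib.sha256(term.encode()).digest()
    mask = 0
    for i in range(BLOOM_HASHES):
        mask |= 1 << (int.from_bytes(digest[4 * i:4 * i + 4], "big") % BLOOM_BITS)
    return mask

def build_bloom_segments(logs):
    # One small bitmap per segment of rows: cheap to store, no row positions.
    segments = []
    for start in range(0, len(logs), SEGMENT_ROWS):
        bits = 0
        for line in logs[start:start + SEGMENT_ROWS]:
            for term in tokens(line):
                bits |= bloom_mask(term)
        segments.append((start, bits))
    return segments

def bloom_search(logs, segments, term):
    # A filter can only say "definitely absent"; surviving segments are scanned.
    mask, hits, scanned = bloom_mask(term), [], 0
    for start, bits in segments:
        if (bits & mask) != mask:
            continue
        for row in range(start, min(start + SEGMENT_ROWS, len(logs))):
            scanned += 1
            if term in tokens(logs[row]):
                hits.append(row)
    return hits, scanned

def build_inverted(logs):
    # Term -> exact row list: larger, but a selective lookup touches no other rows.
    index = {}
    for row, line in enumerate(logs):
        for term in set(tokens(line)):
            index.setdefault(term, []).append(row)
    return index

if __name__ == "__main__":
    print(bloom_search(LOGS, build_bloom_segments(LOGS), "beef"))
    print(build_inverted(LOGS)["beef"])
```

For the rare term the filter prunes most segments but still scans every row of each candidate segment; for a common term such as `info` it prunes nothing, which is the steady, general-purpose behaviour the Bloom option trades for its smaller footprint.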

SQL Syntax: Turning Keyword Search Into Child’s Play

```sql
SELECT * FROM logs WHERE matches_term(message, 'system failure') OR message @@ 'error';
```

With SQL-level operators, analysts no longer need to learn a custom query language. Just search, filter, and go.

Real-Life Results: 10x Faster Queries, Lower Cost

  • OB Cloud’s migration from Loki to GreptimeDB for logs cut response times by an order of magnitude—timeout-prone queries now finish in under a second.

  • Storage costs dropped 30% thanks to Bloom index minimization.

FAQ: Can I Index Structured Fields for Speed?

  • Yes! Pull structured info (like statusCode or cluster) into separate columns, and index those too for dramatic speed-ups on filter queries.

Wrapping Up: Upgrade Your Observability Log Searches

Full-text search in the age of observability means combining fast keyword matching, sensible indexes, and a query experience built for real-world developers. If GreptimeDB’s dual-index model sounds like what your ops team’s been craving, check out live demos or the documentation and get your logs under control.
