Full-Text Search for Observability Logs-GreptimeDB’s Winning Strategy

Logs are the lifeblood of modern observability—but sifting through terabytes for that elusive error or high-priority trace? Nobody’s got time for brute-force scans. That’s why a robust full-text search capability is essential for any serious log search database. GreptimeDB, purpose-built for observability logs, offers more than one indexing weapon, including powerful Bloom and Tantivy options for every scenario.

Why Classic “LIKE” Matching Falls Short

Traditional log search based on text patterns can slow to a crawl on large datasets.
POP quiz: what happens when you need to locate a rare TraceID from billions of log lines? With classic LIKE, the answer is ... a lot of coffee breaks.

GreptimeDB’s Modern Search Arsenal: Bloom vs. Tantivy

GreptimeDB v0.14 brings both broad and targeted search strategies:

Bloom Index: Lower storage overhead (1GB for 10GB logs), fast for general log search, steady performance across query types.
Tantivy Index: Inverted index approach, near-raw-data storage overhead, ideal for super-selective (TraceID, unique phrase) lookups—up to 5x faster on such queries!

Not sure which to choose? Pick Bloom for general logs and Tantivy where pinpoint accuracy and selectivity matter.

SQL Syntax: Turning Keyword Search Into Child’s Play

sql

SELECT * FROM logs WHERE matches_term(message, 'system failure') OR message @@ 'error';

With SQL-level operators, analysts no longer need to learn a custom query language. Just search, filter, and go.

Real-Life Results from OceanBase Cloud

Migration from Loki to GreptimeDB cut response times by orders of magnitude — timeout-prone queries now finish in sub-seconds across hours and days of logs.
Overall log storage cost dropped by more than 60%, running 80+ clusters and 300TB of multi-cloud logs and SQL audit data in production.

FAQ: Can I Index Structured Fields for Speed?

Yes! Pull structured info (like statusCode or cluster) into separate columns, and index those too for dramatic speed-ups on filter queries.

Wrapping Up: Upgrade Your Observability Log Searches

Full-text search in the age of observability means combining fast keyword matching, sensible indexes, and a query experience built for real-world developers. If GreptimeDB’s dual-index model sounds like what your ops team’s been craving, check out live demos or the documentation and get your logs under control.

Why Classic “LIKE” Matching Falls Short ​

GreptimeDB’s Modern Search Arsenal: Bloom vs. Tantivy ​

SQL Syntax: Turning Keyword Search Into Child’s Play ​

Real-Life Results from OceanBase Cloud ​

FAQ: Can I Index Structured Fields for Speed? ​

Wrapping Up: Upgrade Your Observability Log Searches ​