lucene
Description
The lucene
command executes a Lucene query within a DataPrime query, allowing users to seamlessly combine Lucene’s search syntax with DataPrime’s structured query capabilities.
This enables powerful hybrid queries—for example, filtering or aggregating over results first narrowed by a Lucene search expression.
Note
Field names inside the Lucene query are relative to $d
(the root level of user data). You can combine Lucene search with other DataPrime commands such as filter
, aggregate
, or groupby
.
Syntax
Example
Use case: Combine Lucene filtering with DataPrime analytics
Suppose you want to retrieve only logs where the pod
name contains “recommender” and the event either indicates an error or has a 404
status code. You can use a Lucene expression directly in your query.
Example data
{ "pod": "recommender-01", "is_error": true, "status_code": 500 },
{ "pod": "checkout-02", "is_error": true, "status_code": 200 },
{ "pod": "recommender-02", "is_error": false, "status_code": 404 },
{ "pod": "auth-01", "is_error": false, "status_code": 200 }
Example query
Example output
{ "pod": "recommender-01", "is_error": true, "status_code": 500 },
{ "pod": "recommender-02", "is_error": false, "status_code": 404 }
The lucene
command filters logs based on Lucene syntax before passing the results to any subsequent DataPrime transformations. This makes it ideal for leveraging existing Lucene search expertise within DataPrime workflows.