source - Read your data

The source command is a foundational component of DataPrime. It informs the DataPrime engine which datasource you wish to read from.

Syntax

(source|from) <data_store>

Basic usage

In DataPrime, you read data by specifying a dataset within an optional dataspace:

source <dataspace>/<dataset>

If no dataspace is provided, the query defaults to the default dataspace. This allows for concise syntax when working within the most common data sources.

Common datasets include:

• logs – Application and infrastructure logs. Default dataset. Equivalent to source default/logs.
• spans – Distributed tracing data from systems like OpenTelemetry. Equivalent to source default/spans.
• enrichments/<name> – custom enrichment tables uploaded via the UI or API. For example: source default/enrichments/ip_lookup

You can also query system-generated datasets such as:

• system/engine.queries – Logs of all DataPrime query executions.
• system/alerts.history – Historical records of alert events.

Dataset names may include dots (e.g., engine.queries) but are still treated as flat identifiers—not nested structures.

This structure supports querying across teams, environments, or pipelines—whether you’re debugging logs, analyzing performance, or auditing notifications.

Key examples

To query logs from the default dataspace:

source logs

This is equivalent to:

source default/logs

To query spans from the default dataspace:

source spans

To query system generated data such as engine.query logs:

source system/engine.queries

Try it yourself

In the Explore screen, enter:

source logs

You’ll see all log events from the default dataspace within the currently selected timeframe.

To view traces instead:

source spans

This switches the dataset to spans while staying in the same dataspace context.