Skip to content

DataPrime Query Assistance

Describe what you're looking for in everyday language, and Olly converts your description into a structured DataPrime query — saving you the trouble of writing complex queries manually.

How it works

DataPrime Query Assistance uses a large language model (LLM) to interpret natural language requests and generate precise DataPrime queries.

  • Natural language to structured queries — Enter your request in plain English, and Olly generates a DataPrime query
  • Flexible query modification — After the query is generated, review and adjust it in the DataPrime editor before running it
  • Smart input evaluation — Olly detects and corrects spelling mistakes, prevents syntax errors, and validates that input is within DataPrime scope. Invalid input is automatically rejected.

Note

LLM-based systems are still evolving and can make mistakes. Validate any generated DataPrime query before running it.

Limitations

  • DataPrime Query Assistance is available for querying logs only
  • DataPrime Query Assistance supports single-turn interaction only — one prompt and one generated query per session
  • Maximum prompt length is 700 characters

Query examples

Common queries with example prompts and generated DataPrime output:

Simple field-based filter

Prompt: Show me all logs with application name default

source logs
| filter $l.applicationname == 'default'

Multiple filters

Prompt: Show me all logs with severity error or higher where the subsystem name is archive

source logs
| filter $m.severity >= ERROR
| filter $l.subsystemname == 'archive'

Aggregation

Prompt: Count all errors by application name

source logs
| filter $m.severity == ERROR
| groupby $l.applicationname aggregate count() as error_count

Aggregation and filtering

Prompt: Show me all logs where the cloud provider is aws and group it by subsystem

source logs
| filter $d.resource.attributes['cloud.provider'] == 'aws'
| groupby $l.subsystemname

Advanced calculation

Prompt: Find the average grpc.timems where grpc code is not ok

source logs
| filter $d.grpc.code != 'ok'
| groupby true aggregate avg($d.grpc.timems) as average_grpc_times

Note

Due to DataPrime limitations, aggregate functions (sum, avg, count, etc.) require a computation anchor. The groupby true aggregate expression serves as a boolean anchor for the aggregate function.

Prerequisites

Olly must be enabled for your team. See Enable Olly.

Enable DataPrime Query Assistance

  1. Verify that you have permission to manage AI settings.
  2. Go to Settings, then Account Preferences.
  3. Under AI-Powered Capabilities, turn on the DataPrime Query Assistance toggle.

Use DataPrime Query Assistance

  1. On the Explore logs screen, select DataPrime as your query language.
  2. Select Query Assistant to enable it.
  3. Enter your prompt in plain English. Select Generate DataPrime Query or Enter.
  4. Review the prompt (shown in purple) and the resulting DataPrime query. Modify the query in the DataPrime editor if needed, then select Run to execute the query.

Feedback

Rate Olly's responses with a thumbs up or thumbs down to help improve query generation quality.

  • Select thumbs up if the generated query is accurate
  • Select thumbs down and complete the feedback form to report issues or suggest improvements
Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.
Previous Dynamic Tables and Export
Next Explain Log