Query Language

Learn the syntax for writing Humio Queries

The Humio Query Language is the syntax that lets you compose queries to retrieve, process, and analyze data in Humio. Queries are generally used on the Search page of the Humio User Interface — see Accessing Data in Repositories and Views.

The query language is built around a chain of data-processing commands linked together. Each expression passes its result to the next expression in the sequence, allowing you to create complex queries by combining query expressions. This architecture is similar to command pipes, a powerful and flexible mechanism for advanced data analysis in Unix and Linux shells.

This reference section on the Humio Query Language provides explanations and detailed descriptions on the following topics:

  • Query Filters

    When querying data in Humio, filters may be used to reduce the results to the relevant data. You can use free-text filters to grep data, or you can filter based on fields, stipulating acceptable field values or using regular expressions for matching field contents. See Query Filters.

  • Operators

    Several operators are available for filtering: besides logical operators, there are also comparison operators to narrow search results to what's most important to you. See Operators.

  • Adding Fields

    To improve result sets, as well as to construct more complex queries, you can add fields when querying data. You do this by extracting and creating fields with regular expressions, or by using functions designed for this purpose. See Adding Fields.

  • Conditional Statements

    Although Humio's query language does not provide a typical conditional syntax, there are ways to evaluate data conditionally. You can use a case statement or a match statement. See Conditional Expressions.

  • Query Joins

    Humio supports the joining of queries using the join() function. One query can be used to filter or enrich another, thus obtaining a combined result. See Joins.

  • Function Syntax

    You can use query functions to get values or reduce results. Humio provides many built-in query functions, and you can combine them to create your own. See Query Functions.

  • Time Related Syntax

    For time-related queries, you may want to know about Rate Unit Conversion, or about relative time syntax. See Relative Time Syntax.

You may also want to read the Getting Started Tutorial. It links to an interactive tutorial that introduces queries in Humio and lets you try sample queries that demonstrate the basic principles.