lucene

Description

The lucene command executes a Lucene query within a DataPrime query, allowing users to seamlessly combine Lucene’s search syntax with DataPrime’s structured query capabilities.

This enables powerful hybrid queries—for example, filtering or aggregating over results first narrowed by a Lucene search expression.

note

Field names inside the Lucene query are relative to $d (the root level of user data). You can combine Lucene search with other DataPrime commands such as filter, aggregate, or groupby.

Syntax

lucene <lucene-query-as-a-string>

Example

Use case: Combine Lucene filtering with DataPrime analytics

Suppose you want to retrieve only logs where the pod name contains “recommender” and the event either indicates an error or has a 404 status code. You can use a Lucene expression directly in your query.

Example data

{ "pod": "recommender-01", "is_error": true, "status_code": 500 },
{ "pod": "checkout-02", "is_error": true, "status_code": 200 },
{ "pod": "recommender-02", "is_error": false, "status_code": 404 },
{ "pod": "auth-01", "is_error": false, "status_code": 200 }

Example query

lucene 'pod:recommender AND (is_error:true OR status_code:404)'

Example output

{ "pod": "recommender-01", "is_error": true, "status_code": 500 },
{ "pod": "recommender-02", "is_error": false, "status_code": 404 }

The lucene command filters logs based on Lucene syntax before passing the results to any subsequent DataPrime transformations. This makes it ideal for leveraging existing Lucene search expertise within DataPrime workflows.