Log Lucene Query to NRQL Shortcut

Hey guys, anyone know if its possible to quickly go from Logs lucene query format to NRQL? For example some kind of shortcut that takes me from

cluster_name:uat-az-westus-iguana-kube source_type:journald host:aks-pool2az0-13449828-vmss00001S service_name:kubelet

in Logs(lucene) to:

SELECT count(*) FROM Log WHERE cluster_name= 'uat-az-westus-iguana-kube' ANDsource_type= 'journald' ANDhost= 'aks-pool2az0-13449828-vmss00001S' ANDservice_name = 'kubelet' SINCE 1651506320752 UNTIL 1651765515752

in Query(NRQL)
Its annoying to have to change : to = manually.

Funnily enough the GUI does this internally when you look for logs so I end up having to copy it from the network tab in developer tools, (pic) I feel like I’m missing some obvious way

Hi, @pzimnoch: If you click the ellipsis menu above the chart and select View query, the UI will show you the NRQL version of the query:

1 Like

Ah I knew it was somewhere simple. Thanks Phil!


Thanks for confirm this was the solution that worked for you.

Glad @philweber was able to help!

Have a great day!