Skip to content

Logs and traces

Using the query_dataprime tool, you may query logs, spans, and cases in the Compliance (archive) pipeline using DataPrime, Coralogix’s powerful query syntax language. Set the source in your query—source logs, source spans, or a cases dataset—to select what to query. This tool allows AI agents to investigate production issues, filter errors, and analyze trace behavior using structured observability data.

If your query fails, you will receive a message describing how to fix and rerun it.

For example, using Cursor, you may input:

Show me up to 50 error logs from the payment-service application on January 15, 2024.

Your agent will produce a query similar to the following:

{
"query": "source logs | filter $l.applicationname == 'payment-service' | filter $m.severity == ERROR | limit 50",
"start_date": "2024-01-15T00:00:00Z",
"end_date": "2024-01-15T23:59:59Z"
}

Or, for example, using Cursor, you may input:

Find up to 20 spans where the HTTP status code was 500 or higher.

Your agent will produce a query similar to the following:

{
  "query": "source spans | filter $d.http.status_code >= 500 | limit 20"
}

Query parameters

The following parameters are available for querying logs and traces.
NameDescription
queryA DataPrime query to fetch logs or spans, using source logs or source spans and a series of filter/aggregate steps.
start_dateStart of the time range in ISO 8601 format. Defaults to 15 minutes before end_date. Allows dates up to three months back from the current date.
end_dateEnd of the time range in ISO 8601 format. Defaults to now, or 15 minutes after start_date. Allows dates up to three months back from the current date.
limitMaximum number of results to return (default: 20). This is a top-level tool parameter, separate from any limit step inside the query.

Common use-cases

Here are some common use-cases for the server to get you started:

Next steps

Query Prometheus-compatible time-series data with Metrics.