cx-dataprime
DataPrime Query Language
Reference for the DataPrime query language used across Coralogix to search and analyze logs, spans, and other observability data. Covers syntax, commands, operators, and functions.
This skill is the language reference. To actually run queries against a specific data source, use the appropriate source-specific skill instead.
Quick Reference
A DataPrime query is a pipeline of commands separated by |:
filter $m.severity == ERROR | groupby $l.subsystemname aggregate count() as errors | orderby errors desc
Full Reference
See DataPrime Reference for the complete language documentation:
- Query structure and pipeline syntax
- Data prefixes (
$m,$l,$d) and field access - All commands:
filter,groupby,choose,create,extract,orderby,dedupeby,wildfind,lucene, and more - Operators: comparison, logical, contains (
~), null checks - Aggregation functions:
count,sum,avg,min,max,percentile,distinct_count, etc. - Type conversions, time bucketing (
roundTime), multi-value matching (arrayContains) - Text extraction with regex and JSON parsing
- Built-in documentation commands (
cx dataprime list,cx dataprime show)
More from coralogix/cx-cli
cx-telemetry-querying
|
113cx-alerts
This skill should be used when the user asks to "manage alerts", "create alert", "list alerts", "check alert status", "enable alert", "disable alert", "investigate firing alerts", "check which alerts are active", "find alerting rules", "set up an alert", "configure alerting", "mute an alert", "silence an alert", "see alert definitions", "check alert priority", or wants to manage Coralogix alert definitions using the cx CLI.
105cx-observability-setup
>
98cx-incident-management
>
97cx-create-dashboard
>
94cx-cost-optimization
>
90