Query Builder should use stream filters and exact filters based on field type. #529
Description
Problem
Currently, the Query Builder in the VictoriaLogs datasource generates generic word/phrase filters for all selected fields (e.g., field:value). While this works, it has two main drawbacks:
- Performance & Optimization: It ignores the distinction between stream fields and log fields. VictoriaLogs is most efficient when queries are narrowed down using stream filters.
- Precision: When a user selects a specific value from the Query Builder's dropdown, they usually expect an exact match. The current behavior uses a word/phrase filter (
field:value) instead of an exact filter (field:=value), which can lead to unexpected results if the value is a substring of another value.
Proposed Solution
The Query Builder should be "context-aware" regarding the schema of the logs. It should determine if a field is a stream field or a regular log field and format the query accordingly:
- If the field is a Stream Field: Use the stream filter syntax:
{field="value"}. - If the field is a Log Field: Use the exact filter syntax:
field:="value".
This logic ensures that the generated query is both highly performant (by utilizing stream indexes) and precise (by using exact matching).
Examples
Current Behavior: Selecting host (stream field) as web-1 and trace_id (log field) produces: host: "web-1" AND trace_id: "000afad593e45b4d8602149045e8e32b"
Proposed Behavior: The same selection should produce: {host="web-1"} trace_id:="000afad593e45b4d8602149045e8e32b"
I think this change would bring the Query Builder closer to the "best practices" of writing manual LogsQL. Also it leverages the performance benefits of VictoriaLogs' storage engine.