Skip to content
Logchef Logchef

Query Interface

Logchef has two query modes: LogchefQL for quick filtering and SQL for full ClickHouse access.

LogchefQL Mode

Section titled “LogchefQL Mode”

Type filter expressions directly. Time range and LIMIT are handled by the UI controls.

severity_text = "ERROR"
service = "api" and status_code >= 500
body ~ "timeout"

See Search Syntax for the full reference.

SQL Mode

Section titled “SQL Mode”

Write raw ClickHouse SQL. You control everything — time filters, aggregations, joins, CTEs.

SELECT
  toStartOfInterval(timestamp, INTERVAL 5 MINUTE) as bucket,
  count() as count
FROM logs
WHERE timestamp >= now() - INTERVAL 1 HOUR
  AND severity_text = 'ERROR'
GROUP BY bucket
ORDER BY bucket DESC

Switch between modes using the Search / SQL tabs in the editor.

Time Controls

Section titled “Time Controls”
  • Quick ranges — Last 5m, 15m, 1h, 24h, 7d, etc.
  • Absolute range — Type dates directly or pick from the calendar
  • Relative syntaxnow-1h, now-7d in the input fields
  • Timezone — Toggle between browser local and UTC

In LogchefQL mode, the time range is applied automatically. In SQL mode, the time picker is informational — you manage time filters in your SQL.

Query Cancellation

Section titled “Query Cancellation”

Press Esc or click Cancel to stop a running query. This cancels the query in ClickHouse too, not just the HTTP request.

Results

Section titled “Results”

Table View

Section titled “Table View”
  • Click any cell to copy its value
  • Double-click a column header divider to auto-fit width
  • Expand rows with the chevron to see full log details
  • Toggle between standard and compact (terminal-style) view

Histogram

Section titled “Histogram”

The time histogram shows log volume distribution. Click and drag to zoom into a time range. Use Group By to segment by a field (e.g., severity).

Export

Section titled “Export”

Export results as CSV — all rows, visible rows, filtered rows, or current page.

Query Variables

Section titled “Query Variables”

Use {{variable_name}} in SQL to create input fields:

SELECT * FROM logs
WHERE service = {{ service }}
  AND severity_text = {{ level }}
LIMIT {{ limit }}

Variables support text, number, date, dropdown, and multi-select input types. Wrap optional clauses in [[ ]] to auto-remove them when the variable is empty.

Query History

Section titled “Query History”

The editor dropdown shows your 10 most recent queries per source. Click any to reload it.

Saved Queries

Section titled “Saved Queries”

Save frequently used queries to your team’s collection via the Save button. Saved queries preserve the time range, variables, and mode.