Powerful filtering at your fingertips
The --filter flag accepts the same expression language you use in the Dash0 UI so you can zero in on exactly the records that matter. Combine multiple filters (AND logic) to slice through millions of log lines in seconds:
    dash0 -X logs query \
      --from now-1h \
      --filter "service.name is api-gateway" \
      --filter "otel.log.severity.range is_one_of ERROR FATAL" \
      --limit 200
Supported operators range from exact matches (is, is_not) and substring checks (contains, starts_with) to regex (matches), numeric comparisons (gt, gte, lt, lte), and presence tests (is_set, is_not_set). If you can describe the condition in the Dash0 Logging Explorer, the CLI can express it.
Flexible output for humans and machines
By default, logs query prints a clean table with timestamp, severity, and body. Need the full OTLP payload for a script? Switch to --output json. Feeding results into awk or a spreadsheet? Use --output csv.
Custom columns let you pull any attribute into view:
    dash0 -X logs query \
      --column time \
      --column service.name \
      --column body
Any OTLP attribute key, at resource, scope, or log record level, works as a column, so you see exactly the dimensions you care about.
Built for automation
Relative timestamps (now-15m, now-1h), machine-readable CSV output, and --skip-header make logs query a natural fit for shell scripts, CI checks, and AI-agent workflows. Pipe it into jq, grep, or your favorite data tool.
    # Count errors in the last 30 minutes
    dash0 -X logs query \
      --from now-30m \
      --filter "otel.log.severity.range is ERROR" \
      -o csv --skip-header | wc -l
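A per-service error gate for a CI step, extending the count above (an added example, not from the Dash0 documentation). It assumes `--column` also selects the columns of CSV output; the function names and the `MAX_ERRORS_PER_SERVICE` variable are hypothetical.

```shell
#!/bin/sh
# Added example: fail a CI step when any service logs too many errors.
# Assumption: with --column service.name and -o csv --skip-header, each
# output row is a single service.name value. Selecting only that column
# keeps multi-line log bodies out of the line-based counting below.

# Query ERROR/FATAL records; uses only flags shown on this page.
query_error_services() {
  dash0 -X logs query \
    --from "${1:-now-30m}" \
    --filter "otel.log.severity.range is_one_of ERROR FATAL" \
    --column service.name \
    -o csv --skip-header
}

# stdin: one service name per row. stdout: "<count> <service>", highest
# count first. CSV quotes and carriage returns are stripped, blank rows
# are ignored.
count_by_service() {
  tr -d '"\r' |
    awk 'NF { n[$0]++ } END { for (s in n) print n[s], s }' |
    sort -k1,1nr -k2
}

# stdin: "<count> <service>" rows. Prints the rows whose count exceeds
# the limit in $1 and returns non-zero if there were any.
over_threshold() {
  awk -v limit="$1" '$1 > limit { print; bad = 1 } END { exit bad }'
}

# CI entry point: runs only when MAX_ERRORS_PER_SERVICE is set.
if [ -n "${MAX_ERRORS_PER_SERVICE:-}" ]; then
  # Capture the query first so a failed query (bad token, network error)
  # fails the step instead of looking like "zero errors".
  rows=$(query_error_services now-30m) || exit 2
  printf '%s\n' "$rows" | count_by_service |
    over_threshold "$MAX_ERRORS_PER_SERVICE" || exit 1
fi
```
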
Get started
Install or update the Dash0 CLI, set your credentials, and start querying:
    export DASH0_API_URL=... # Get the value at https://app.dash0.com/goto/settings/endpoints?endpoint_type=api_http
    export DASH0_AUTH_TOKEN=... # Get the value at https://app.dash0.com/goto/settings/auth-tokens
    dash0 -X logs query --from now-1h
Logs query is an experimental command: enable it with the -X flag and let us know what you think.