// OpenSearch provider for obz. Supports log search and trace operations using Lucene-based query syntax. Requires --index flag. This skill should be used when the user mentions "OpenSearch", "obz -p os", or needs to search logs or traces from an OpenSearch cluster.
| name | obz-opensearch |
| description | OpenSearch provider for obz. Supports log search and trace operations using Lucene-based query syntax. Requires --index flag. This skill should be used when the user mentions "OpenSearch", "obz -p os", or needs to search logs or traces from an OpenSearch cluster. |
| Field | Value |
|---|---|
| Aliases | os, opensearch |
| Signals | Log, Trace |
| Query language | OpenSearch DSL (Lucene-based query string) |
| Auth | Basic auth or bearer token (in config.yaml) |
| Provider flags | --index (required at runtime) |
| Supported cmds | log search, trace search, trace get |
obz log search # Search log entries in an OpenSearch index
obz trace search # Search trace spans in an OpenSearch index
obz trace get # Retrieve a trace by ID from OpenSearch
| Flag | Type | Required | Description |
|---|---|---|---|
--index | String | Yes | Index name or pattern to query |
The --index flag is declared optional at the clap level (so other
providers don't error), but OpenSearch enforces it at runtime. Omitting
it will produce a clear error message.
Configure auth in config.yaml under providers.<name>.auth. Supports
either basic auth or bearer token.
Basic auth:
# config.yaml
providers:
os:
endpoint: https://opensearch.example.com
index: logs-*
auth:
username: admin
password: ${env:OS_PASS}
Bearer token:
providers:
os:
endpoint: https://opensearch.example.com
index: logs-*
auth:
token: ${env:OS_TOKEN}
Then query with just -p:
obz log search -p os -q 'level:ERROR' --from now-1h
OpenSearch accepts Lucene-based query strings in the -q parameter.
level:ERROR # field match
level:ERROR AND service:api # boolean AND
status:(404 OR 500) # grouped OR
message:"connection refused" # phrase match
host:web-* AND NOT path:/health # wildcards and negation
response_time:[500 TO *] # range query
*, ?) work in field values but not at the start of a term
by default (it's expensive).Search logs by level:
obz log search -p os --index 'logs-*' -q 'level:ERROR' --from now-1h
Search with boolean operators:
obz log search -p os --index 'app-logs' \
-q 'service:api AND status:500' --from now-6h
Search traces:
obz trace search -p os --index 'traces-*' -q 'service:frontend' --from now-1h
Retrieve a specific trace:
obz trace get -p os --index 'traces-*' abc123def456
GreptimeDB provider for obz. Covers PromQL metric query, labels, label-values, and series commands via GreptimeDB's Prometheus-compatible API. Use this skill when the user mentions "GreptimeDB", "Greptime", "obz metric -p greptimedb", or needs to query metrics stored in a GreptimeDB instance.
Multi-backend observability CLI for querying metrics, logs, and traces across 12 backends. This skill should be used when the user runs obz commands, constructs metric/log/trace queries, configures providers, parses obz JSON output, or troubleshoots obz errors. Covers all core commands (metric query/list/info/labels/label-values/series, log search, trace search/get), global flags, time formats, output modes, config files, and exit codes.
Datadog provider for obz. Supports metrics (Datadog Query Language), logs (Datadog Log Query), and traces. Requires api-key and app-key configured under auth in config.yaml. Does not support metric labels, label-values, or series commands. This skill should be used when the user mentions "Datadog", "DD", "obz -p dd", Datadog Query Language, or needs to configure Datadog provider instances with regional endpoints.
Elasticsearch provider for obz. Supports log search and trace operations using Elasticsearch Query DSL (Lucene-based). Requires --index flag. This skill should be used when the user mentions "Elasticsearch", "obz -p es", or needs to search logs or traces from an Elasticsearch cluster.
Jaeger provider for obz. Covers trace search, trace retrieval by ID, and extension commands for service and operation discovery. This skill should be used when the user mentions "Jaeger", "obz trace -p jg", or needs to search distributed traces from a Jaeger backend.
Grafana Loki provider for obz. Covers log search using LogQL, a label-based query language for log aggregation. This skill should be used when the user mentions "Loki", "Grafana Loki", "LogQL", "obz log search -p loki", or needs to search logs from a Loki instance.