Explore documentation
  1. Welcome to Telemetry👋
  2. Quick start guide
  3. Ingesting data
    1. Vector (Recommended)
    2. OpenTelemetry
    3. Ingesting via HTTP API
    4. Ingesting metrics
    5. Ingesting logs
    6. Migrating to Better Stack
  4. Telemetry API
    1. Getting an API token
    2. Sources API
    3. Metrics API
    4. Query API
  5. Using the product
    1. Wide events vs. time series
    2. Transforming ingested data
    3. Querying data
      1. Live tail
      2. Explore
      3. Dashboards
      4. Faster queries
    4. Alerts

Faster queries

Optimize your query performance to get faster results when exploring your logs and metrics.

Running the same query repeatedly?

Extract values as unaggregated fields in Sources → Your source → Metrics tab instead of querying logs each time. This converts your frequently-accessed log data into time series metrics for much faster retrieval.

Learn more about Extracting metrics from logs.

Metrics are billed based on cardinality

Extracting fields with many unique values can significantly increase your costs. See How do we bill for metrics? for details.

Understanding your data types

Our infrastructure handles wide events (logs) and time series (metrics) differently, with metrics offering much faster query performance. Learn more about Wide events vs. time series.

If you're frequently running the same queries, consider whether your use case would benefit from converting log data to metrics.

When to use metrics vs. logs

Use metrics when:

  • Running the same query repeatedly.
  • Need sub-second query performance.
  • Working with numerical data and aggregations.
  • Building dashboards and alerts.

Use logs when:

  • Performing ad-hoc exploration.
  • Need full context and details.
  • Debugging specific issues.
  • Working with unstructured data.

Optimizing ad-hoc log queries

Quickly analyze logs in Live tail → Explore using Log filtering, Drag and Drop, or custom SQL expression. Read more about all features of Explore.

For faster queries on your wide events (logs), try these optimization techniques:

1. Narrow your time range

Shorter time frames significantly reduce the amount of data processed.

Narrowing the time range

2. Query specific sources

Instead of searching across all sources, target the specific source containing your data.

  • Select individual sources in the source dropdown.
  • Avoid querying All sources when possible.

Querying a single source

3. Use sampling for exploration

Enable Sampling to work with a representative subset of your data while developing and testing queries.

Using sampling

4. Request additional compute

For consistently slow queries on large datasets, we can add more compute power to your cluster:

  • Share a slow Live tail link with our support team.
  • We'll analyze your data volume and query performance.
  • Small adjustments are often available at no charge.
  • Larger performance improvements for very large datasets may require a custom cluster for an additional cost.

Custom clusters for high performance

For applications requiring consistently fast queries over large datasets and long time periods, we can provision dedicated compute resources:

  • Tailored setup: Custom cluster sized for your specific needs.
  • Dedicated compute: No resource sharing with other workloads.
  • Faster speeds: Optimized for your query patterns and data volume.
  • Additional cost: Comes with dedicated infrastructure pricing.

Contact our support team at hello@betterstack.com to discuss custom cluster options for your use case 📩

Getting help

Generally speaking, we can make querying as fast as needed through query optimization or infrastructure scaling. If you're experiencing slow query performance:

  1. Try the optimization techniques above.
  2. Share a slow Live tail link with our support team using the in-app chat or at hello@betterstack.com.
  3. Describe your performance requirements and use case.

We're happy to help find the right balance of performance and cost for your needs 🚀

Better Stack support team

Previous article

Transforming query results with JavaScript

Next article

Alerts