OpenObserve · Capability
openobserve — Search
openobserve — Search. 8 operations. Lead operation: Search data with SQL. Self-contained Naftiko capability covering one Openobserve business surface.
What You Can Do
POST
Searchsql
— Search data with SQL
/v1/api/{org-id}/search
POST
Searchhistory
— Search query history
/v1/api/{org-id}/search-history
POST
Searchpartition
— Search partition data
/v1/api/{org-id}/search-partition
POST
Searchstreamhttp2
— Stream search results
/v1/api/{org-id}/search-stream
POST
Valuesstreamhttp2
— Get field values with HTTP/2 streaming
/v1/api/{org-id}/values-stream
GET
Searcharound
— Search around specific log entry
/v1/api/{org-id}/{stream-name}/around
POST
Searcharoundv2
— Search around specific log record
/v1/api/{org-id}/{stream-name}/around
GET
Searchvalues
— Get distinct field values
/v1/api/{org-id}/{stream-name}/values
MCP Tools
search-data-sql
Search data with SQL
read-only
search-query-history
Search query history
read-only
search-partition-data
Search partition data
read-only
stream-search-results
Stream search results
read-only
get-field-values-http-2
Get field values with HTTP/2 streaming
read-only
search-around-specific-log-entry
Search around specific log entry
read-only
idempotent
search-around-specific-log-record
Search around specific log record
read-only
get-distinct-field-values
Get distinct field values
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: openobserve — Search
description: 'openobserve — Search. 8 operations. Lead operation: Search data with SQL. Self-contained Naftiko capability
covering one Openobserve business surface.'
tags:
- Openobserve
- Search
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
OPENOBSERVE_API_KEY: OPENOBSERVE_API_KEY
capability:
consumes:
- type: http
namespace: openobserve-search
baseUri: ''
description: openobserve — Search business capability. Self-contained, no shared references.
resources:
- name: api-org_id-_search
path: /api/{org_id}/_search
operations:
- name: searchsql
method: POST
description: Search data with SQL
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: type
in: query
type: string
description: 'Stream type. one of: logs, metrics, traces. Defaults to logs.'
- name: is_ui_histogram
in: query
type: boolean
description: 'Whether to return histogram data for UI (default: false)'
- name: is_multi_stream_search
in: query
type: boolean
description: 'Indicate is search is for multi stream (default: false)'
- name: validate
in: query
type: boolean
description: Validate query fields against stream schema and User-Defined Schema (UDS). When enabled, returns error
if queried fields are not in schema or not allowed by UDS
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: api-org_id-_search_history
path: /api/{org_id}/_search_history
operations:
- name: searchhistory
method: POST
description: Search query history
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization ID
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: api-org_id-_search_partition
path: /api/{org_id}/_search_partition
operations:
- name: searchpartition
method: POST
description: Search partition data
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: type
in: query
type: string
description: 'Stream type. Must be one of: logs, metrics, traces. Defaults to logs if not specified.'
- name: enable_align_histogram
in: query
type: boolean
description: Enable align histogram
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: api-org_id-_search_stream
path: /api/{org_id}/_search_stream
operations:
- name: searchstreamhttp2
method: POST
description: Stream search results
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: is_ui_histogram
in: query
type: boolean
description: Whether to return histogram data for UI
required: true
- name: is_multi_stream_search
in: query
type: boolean
description: Indicate is search is for multi stream
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: api-org_id-_values_stream
path: /api/{org_id}/_values_stream
operations:
- name: valuesstreamhttp2
method: POST
description: Get field values with HTTP/2 streaming
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: api-org_id-stream_name-_around
path: /api/{org_id}/{stream_name}/_around
operations:
- name: searcharound
method: GET
description: Search around specific log entry
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: stream_name
in: path
type: string
description: stream_name name
required: true
- name: type
in: query
type: string
description: 'Stream type. Must be one of: logs, metrics, traces. Defaults to logs if not specified.'
- name: key
in: query
type: integer
description: around key
required: true
- name: size
in: query
type: integer
description: around size
required: true
- name: regions
in: query
type: string
description: regions, split by comma
- name: timeout
in: query
type: integer
description: timeout, seconds
- name: searcharoundv2
method: POST
description: Search around specific log record
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: stream_name
in: path
type: string
description: stream_name name
required: true
- name: size
in: query
type: integer
description: around size
required: true
- name: regions
in: query
type: string
description: regions, split by comma
- name: timeout
in: query
type: integer
description: timeout, seconds
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: api-org_id-stream_name-_values
path: /api/{org_id}/{stream_name}/_values
operations:
- name: searchvalues
method: GET
description: Get distinct field values
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_id
in: path
type: string
description: Organization name
required: true
- name: stream_name
in: path
type: string
description: stream_name name
required: true
- name: type
in: query
type: string
description: 'Stream type. Must be one of: logs, metrics, traces. Defaults to logs if not specified.'
- name: fields
in: query
type: string
description: fields, split by comma
required: true
- name: filter
in: query
type: string
description: 'filter, eg: a=b'
- name: keyword
in: query
type: string
description: 'keyword, eg: abc'
- name: size
in: query
type: integer
description: size
required: true
- name: from
in: query
type: integer
description: from
required: true
- name: start_time
in: query
type: integer
description: start time
required: true
- name: end_time
in: query
type: integer
description: end time
required: true
- name: regions
in: query
type: string
description: regions, split by comma
- name: timeout
in: query
type: integer
description: timeout, seconds
- name: no_count
in: query
type: boolean
description: no need count, true of false
authentication:
type: apikey
key: Authorization
value: '{{env.OPENOBSERVE_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: openobserve-search-rest
port: 8080
description: REST adapter for openobserve — Search. One Spectral-compliant resource per consumed operation, prefixed with
/v1.
resources:
- path: /v1/api/{org-id}/search
name: api-org-id-search
description: REST surface for api-org_id-_search.
operations:
- method: POST
name: searchsql
description: Search data with SQL
call: openobserve-search.searchsql
with:
org_id: rest.org_id
type: rest.type
is_ui_histogram: rest.is_ui_histogram
is_multi_stream_search: rest.is_multi_stream_search
validate: rest.validate
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/{org-id}/search-history
name: api-org-id-search-history
description: REST surface for api-org_id-_search_history.
operations:
- method: POST
name: searchhistory
description: Search query history
call: openobserve-search.searchhistory
with:
org_id: rest.org_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/{org-id}/search-partition
name: api-org-id-search-partition
description: REST surface for api-org_id-_search_partition.
operations:
- method: POST
name: searchpartition
description: Search partition data
call: openobserve-search.searchpartition
with:
org_id: rest.org_id
type: rest.type
enable_align_histogram: rest.enable_align_histogram
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/{org-id}/search-stream
name: api-org-id-search-stream
description: REST surface for api-org_id-_search_stream.
operations:
- method: POST
name: searchstreamhttp2
description: Stream search results
call: openobserve-search.searchstreamhttp2
with:
org_id: rest.org_id
is_ui_histogram: rest.is_ui_histogram
is_multi_stream_search: rest.is_multi_stream_search
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/{org-id}/values-stream
name: api-org-id-values-stream
description: REST surface for api-org_id-_values_stream.
operations:
- method: POST
name: valuesstreamhttp2
description: Get field values with HTTP/2 streaming
call: openobserve-search.valuesstreamhttp2
with:
org_id: rest.org_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/{org-id}/{stream-name}/around
name: api-org-id-stream-name-around
description: REST surface for api-org_id-stream_name-_around.
operations:
- method: GET
name: searcharound
description: Search around specific log entry
call: openobserve-search.searcharound
with:
org_id: rest.org_id
stream_name: rest.stream_name
type: rest.type
key: rest.key
size: rest.size
regions: rest.regions
timeout: rest.timeout
outputParameters:
- type: object
mapping: $.
- method: POST
name: searcharoundv2
description: Search around specific log record
call: openobserve-search.searcharoundv2
with:
org_id: rest.org_id
stream_name: rest.stream_name
size: rest.size
regions: rest.regions
timeout: rest.timeout
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/{org-id}/{stream-name}/values
name: api-org-id-stream-name-values
description: REST surface for api-org_id-stream_name-_values.
operations:
- method: GET
name: searchvalues
description: Get distinct field values
call: openobserve-search.searchvalues
with:
org_id: rest.org_id
stream_name: rest.stream_name
type: rest.type
fields: rest.fields
filter: rest.filter
keyword: rest.keyword
size: rest.size
from: rest.from
start_time: rest.start_time
end_time: rest.end_time
regions: rest.regions
timeout: rest.timeout
no_count: rest.no_count
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: openobserve-search-mcp
port: 9090
transport: http
description: MCP adapter for openobserve — Search. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: search-data-sql
description: Search data with SQL
hints:
readOnly: true
destructive: false
idempotent: false
call: openobserve-search.searchsql
with:
org_id: tools.org_id
type: tools.type
is_ui_histogram: tools.is_ui_histogram
is_multi_stream_search: tools.is_multi_stream_search
validate: tools.validate
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: search-query-history
description: Search query history
hints:
readOnly: true
destructive: false
idempotent: false
call: openobserve-search.searchhistory
with:
org_id: tools.org_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: search-partition-data
description: Search partition data
hints:
readOnly: true
destructive: false
idempotent: false
call: openobserve-search.searchpartition
with:
org_id: tools.org_id
type: tools.type
enable_align_histogram: tools.enable_align_histogram
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: stream-search-results
description: Stream search results
hints:
readOnly: true
destructive: false
idempotent: false
call: openobserve-search.searchstreamhttp2
with:
org_id: tools.org_id
is_ui_histogram: tools.is_ui_histogram
is_multi_stream_search: tools.is_multi_stream_search
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-field-values-http-2
description: Get field values with HTTP/2 streaming
hints:
readOnly: true
destructive: false
idempotent: false
call: openobserve-search.valuesstreamhttp2
with:
org_id: tools.org_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: search-around-specific-log-entry
description: Search around specific log entry
hints:
readOnly: true
destructive: false
idempotent: true
call: openobserve-search.searcharound
with:
org_id: tools.org_id
stream_name: tools.stream_name
type: tools.type
key: tools.key
size: tools.size
regions: tools.regions
timeout: tools.timeout
outputParameters:
- type: object
mapping: $.
- name: search-around-specific-log-record
description: Search around specific log record
hints:
readOnly: true
destructive: false
idempotent: false
call: openobserve-search.searcharoundv2
with:
org_id: tools.org_id
stream_name: tools.stream_name
size: tools.size
regions: tools.regions
timeout: tools.timeout
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-distinct-field-values
description: Get distinct field values
hints:
readOnly: true
destructive: false
idempotent: true
call: openobserve-search.searchvalues
with:
org_id: tools.org_id
stream_name: tools.stream_name
type: tools.type
fields: tools.fields
filter: tools.filter
keyword: tools.keyword
size: tools.size
from: tools.from
start_time: tools.start_time
end_time: tools.end_time
regions: tools.regions
timeout: tools.timeout
no_count: tools.no_count
outputParameters:
- type: object
mapping: $.