loki/docs/sources/logql/query_examples.md

---
title: Query examples
weight: 50
---
# Query examples
This page collects some useful LogQL query examples.
## Log Query examples
### Examples that filter on IP address
- Return log lines that are not within a range of IPv4 addresses:
```logql
{job_name="myapp"} != ip("192.168.4.5-192.168.4.20")
```
- Match log lines whose `addr` value is in the IPv4 subnet `192.168.4.5/16`, except for the IP address `192.168.4.2`:
```logql
{job_name="myapp"}
| logfmt
| addr = ip("192.168.4.5/16")
| addr != ip("192.168.4.2")
```
### Examples that aid in security evaluation
- Extract the user and IP address of failed logins from Linux `/var/log/secure`:
```logql
{job="security"}
|~ "Invalid user.*"
| regexp "(^(?P<user>\\S+ {1,2}){8})"
| regexp "(^(?P<ip>\\S+ {1,2}){10})"
| line_format "IP = {{.ip}}\tUSER = {{.user}}"
```
- Get successful logins from Linux `/var/log/secure`:
```logql
{job="security"}
!= "grafana_com"
|= "session opened"
!= "sudo: "
| regexp "(^(?P<user>\\S+ {1,2}){11})"
| line_format "USER = {{.user}}"
```
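How the positional `regexp` stages in the failed-login query above select fields, shown as an added Go example (not part of the Loki documentation) using Go's RE2 `regexp` package. The sample lines are constructed, and `anchoredRe`, `Positional` and `Anchored` are hypothetical names; the example shows that the captured value keeps its trailing space and that an empty username shifts every later field.

```go
package main

import (
	"fmt"
	"regexp"
)

// Positional patterns from the LogQL query above (\\S in LogQL is \S here).
var (
	userRe = regexp.MustCompile(`(^(?P<user>\S+ {1,2}){8})`)
	ipRe   = regexp.MustCompile(`(^(?P<ip>\S+ {1,2}){10})`)
	// Hypothetical alternative, not from the page: anchor on the message text.
	anchoredRe = regexp.MustCompile(`Invalid user (?P<user>\S*) from (?P<ip>\S+)`)
)

// capture returns the named group's value, or "" when the pattern does not match.
// A group inside a repetition reports only its last iteration (the Nth field).
func capture(re *regexp.Regexp, name, line string) string {
	m := re.FindStringSubmatch(line)
	if m == nil {
		return ""
	}
	return m[re.SubexpIndex(name)]
}

// Positional extracts user and ip the way the two regexp stages do.
func Positional(line string) (user, ip string) {
	return capture(userRe, "user", line), capture(ipRe, "ip", line)
}

// Anchored extracts user and ip relative to the "Invalid user ... from" text.
func Anchored(line string) (user, ip string) {
	return capture(anchoredRe, "user", line), capture(anchoredRe, "ip", line)
}

// Constructed sample lines in the /var/log/secure layout (not real log data).
var samples = []string{
	"Jan 10 12:34:56 host1 sshd[1234]: Invalid user admin from 203.0.113.5 port 51234",
	"Jan  5 12:34:56 host1 sshd[1234]: Invalid user admin from 203.0.113.5 port 51234",
	"Jan 10 12:34:56 host1 sshd[1234]: Invalid user  from 203.0.113.5 port 51234",
}

func main() {
	for _, l := range samples {
		pu, pi := Positional(l)
		au, ai := Anchored(l)
		fmt.Printf("positional user=%q ip=%q | anchored user=%q ip=%q\n", pu, pi, au, ai)
	}
}
```

On the third sample the positional patterns report `from ` as the user and `port ` as the IP, so results built on field position should be checked against lines where the username is empty or unusual.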
## Metrics Query examples
- Return the per-second rate of all non-timeout errors
within the last minute per host for the MySQL job,
and only include errors whose duration is above ten seconds.
```logql
sum by (host) (rate({job="mysql"}
|= "error" != "timeout"
| json
| duration > 10s [1m]))
```