apitech
/
loki
mirror of https://github.com/grafana/loki
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs: Update LogCLI topic (#15376)

Browse Source
pull/15405/head^2
J Stickler 1 year ago committed by GitHub
parent 07e4df8007
commit bc3d994ff3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 194 additions and 106 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      docs/sources/query/logcli/_index.md
  2. 296
      docs/sources/query/logcli/getting-started.md

4
docs/sources/query/logcli/_index.md
Unescape View File

@ -11,5 +11,5 @@ weight: 600
LogCLI is a command-line tool for querying and exploring logs in Grafana Loki:
* Installation and Reference: [LogCLI](https://grafana.com/docs/loki/<LOKI_VERSION>/query/logcli/logcli/)
* Getting started tutorial: [LogCLI Tutorial](https://grafana.com/docs/loki/<LOKI_VERSION>/query/logcli/logcli-tutorial)
* Installation and Reference: [LogCLI](https://grafana.com/docs/loki/<LOKI_VERSION>/query/logcli/getting-started/)
* Getting started tutorial: [LogCLI Tutorial](https://grafana.com/docs/loki/<LOKI_VERSION>/query/logcli/logcli-tutorial)

296
docs/sources/query/logcli/getting-started.md
Unescape View File

@ -3,25 +3,33 @@ title: LogCLI getting started
menuTItle: Getting started
description: Installation and reference for LogCLI, a command-line tool for querying and exploring logs in Grafana Loki.
aliases:
- ../getting-started/logcli/
- ../tools/logcli/
- ../query
- ../query/logcli/
weight: 150
---
# LogCLI getting started
LogCLI is the command-line interface to Grafana Loki.
It facilitates running [LogQL](https://grafana.com/docs/loki/<LOKI_VERSION>/query)
queries against a Loki instance.
logcli is a command-line client for Loki that lets you run [LogQL](https://grafana.com/docs/loki/<LOKI_VERSION>/query) queries against your Loki instance. The `query` command will output extra information about the query and its results, such as the API URL, set of common labels, and set of excluded labels.
## Installation
This is useful, for example, if you want to download a range of logs from Loki. Or want to perform analytical administration tasks, for example, discover the number of log streams to understand your label cardinality, or find out the estimated volume of data that a query will search over. You can also use logcli as part of shell scripts.
If you are a Grafana Cloud user, you can also use logcli to query logs that you have exported to long-term storage with [Cloud Logs Export](https://grafana.com/docs/grafana-cloud/send-data/logs/export/), or any other Loki formatted log data.
{{< admonition type="note" >}}
Note that logcli is a querying tool, it cannot be used to ingest logs.
{{< /admonition >}}
## Install logcli
As a best practice, you should download the version of logcli that matches your Loki version. And upgrade your logcli when you upgrade your version of Loki.
### Binary (Recommended)
Download the `logcli` binary from the
[Loki releases page](https://github.com/grafana/loki/releases).
Builds are available for Linux, Mac, and Windows.
### Build LogCLI from source
Clone the Loki repository and build `logcli` from source:
@ -43,99 +51,74 @@ cp cmd/logcli/logcli /usr/local/bin/logcli
You can set up tab-completion for `logcli` with one of the two options, depending on your shell:
- For bash, add this to your `~/.bashrc` file:
```
eval "$(logcli --completion-script-bash)"
```
```bash
eval "$(logcli --completion-script-bash)"
```
- For zsh, add this to your `~/.zshrc` file:
```
eval "$(logcli --completion-script-zsh)"
```
```bash
eval "$(logcli --completion-script-zsh)"
```
## LogCLI usage
### Grafana Cloud example
Once you have installed logcli, you can run it in the following way:
If you are running on Grafana Cloud, use:
`logcli <command> [<flags>, <args> ...]`
```bash
export LOKI_ADDR=https://logs-us-west1.grafana.net
export LOKI_USERNAME=<username>
export LOKI_PASSWORD=<password>
```
`<command>` points to one of the commands, detailed in the [command reference](http://localhost:3002/docs/loki/<LOKI_VERSION>/query/logcli/getting-started/#logcli-command-reference) below.
Otherwise you can point LogCLI to a local instance directly
without needing a username and password:
`<flags>` is one of the subcommands available for each command.
```bash
export LOKI_ADDR=http://localhost:3100
```
`<args>` is a list of space separated arguments. Arguments can optionally be overridden using environment variables. Environment variables will always take precedence over command line arguments.
{{< admonition type="note" >}}
If you are running Loki behind a proxy server and you have
authentication configured, you will also have to pass in LOKI_USERNAME
and LOKI_PASSWORD, LOKI_BEARER_TOKEN or LOKI_BEARER_TOKEN_FILE accordingly.
{{< /admonition >}}
### Authenticate to Loki
```bash
$ logcli labels job
https://logs-dev-ops-tools1.grafana.net/api/prom/label/job/values
loki-ops/consul
loki-ops/loki-gw
...
To connect to a Loki instance, set the following argument:
$ logcli query '{job="loki-ops/consul"}'
https://logs-dev-ops-tools1.grafana.net/api/prom/query?query=%7Bjob%3D%22loki-ops%2Fconsul%22%7D&limit=30&start=1529928228&end=1529931828&direction=backward&regexp=
Common labels: {job="loki-ops/consul", namespace="loki-ops"}
2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Snapshot to 475409 complete
2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Compacting logs from 456973 to 465169
...
- `--addr=http://loki.example.com:3100` or the `LOKI_ADDR` environment variable
$ logcli series -q --match='{namespace="loki",container_name="loki"}'
{app="loki", container_name="loki", controller_revision_hash="loki-57c9df47f4", filename="/var/log/pods/loki_loki-0_8ed03ded-bacb-4b13-a6fe-53a445a15887/loki/0.log", instance="loki-0", job="loki/loki", name="loki", namespace="loki", release="loki", statefulset_kubernetes_io_pod_name="loki-0", stream="stderr"}
```
For example, to query a local Loki instance directly without needing a username and password:
### Batched queries
```bash
export LOKI_ADDR=http://localhost:3100
LogCLI sends queries to Loki such that query results arrive in batches.
logcli query '{service_name="website"}'
```
The `--limit` option for a `logcli query` command caps the quantity of
log lines for a single query.
When not set, `--limit` defaults to 30.
The limit protects the user from overwhelming the system
for cases in which the specified query would have returned a large quantity
of log lines.
The limit also protects the user from unexpectedly large responses.
To connect to a Loki instance which requires authentication, you will need to additionally set the following arguments:
The quantity of log line results that arrive in each batch
is set by the `--batch` option in a `logcli query` command.
When not set, `--batch` defaults to 1000.
- `--username` or the `LOKI_USERNAME` environment variable
- `--password` or the `LOKI_PASSWORD` environment variable
Setting a `--limit` value larger than the `--batch` value causes the
requests from LogCLI to Loki to be batched.
Loki has a server-side limit that defaults to 5000 for the maximum quantity
of lines returned for a single query.
The batching of requests allows you to query for a results set that
is larger than the server-side limit,
as long as the `--batch` value is less than the server limit.
For example, to query Grafana Cloud:
Query metadata is output to `stderr` for each batch.
Set the `--quiet` option on the `logcli query` command line to suppress
the output of the query metadata.
```bash
export LOKI_ADDR=https://logs-us-west1.grafana.net
export LOKI_USERNAME=<username>
export LOKI_PASSWORD=<password>
### Configuration
logcli query '{service_name="website"}'
```
To specify a particular tenant, set the following argument:
Configuration values are considered in the following order (lowest to highest):
- `--org-id` or the `LOKI_ORG_ID` environment variable
- Environment variables
- Command-line options
{{< admonition type="note" >}}
If you are running Loki behind a proxy server and you have
[authentication](https://grafana.com/docs/loki/<LOKI_VERSION>/operations/authentication/) configured, you will also have to pass in LOKI_USERNAME
and LOKI_PASSWORD, LOKI_BEARER_TOKEN or LOKI_BEARER_TOKEN_FILE accordingly.
{{< /admonition >}}
### LogCLI command reference
## LogCLI command reference
The output of `logcli help`:
```nohighlight
usage: logcli [<flags>] <command> [<args> ...]
```shell
usage: logcli <command> [<flags>][<args> ...]
A command-line for Loki.
@ -251,7 +234,7 @@ Commands:
The output of `logcli help query`:
```
```shell
usage: logcli query [<flags>] <query>
Run a LogQL query.
@ -290,7 +273,7 @@ point (like what is seen in the Grafana Explore table view), then you should use
Parallelization:
You can download an unlimited number of logs in parallel, there are a few flags which control this behaviour:
You can download an unlimited number of logs in parallel, there are a few flags which control this behavior:
--parallel-duration
--parallel-max-workers
@ -394,7 +377,7 @@ Flags:
file. Default will skip a range if it's part file is already downloaded.
--merge-parts Reads the part files in order and writes the output to stdout. Original part files will be deleted with this
option.
--keep-parts Overrides the default behaviour of --merge-parts which will delete the part files once all the files have been
--keep-parts Overrides the default behavior of --merge-parts which will delete the part files once all the files have been
read. This option will keep the part files.
--forward Scan forwards through logs.
--no-labels Do not print any labels
@ -419,7 +402,7 @@ Args:
The output of `logcli help instant-query`:
```
```shell
usage: logcli instant-query [<flags>] <query>
Run an instant LogQL query.
@ -490,7 +473,7 @@ Args:
The output of `logcli help labels`:
```
```shell
usage: logcli labels [<flags>] [<label>]
Find values for a given label.
@ -541,7 +524,7 @@ Args:
The output of `logcli help series`:
```
```shell
usage: logcli series [<flags>] <matcher>
Run series query.
@ -600,7 +583,7 @@ Args:
The output of `logcli help fmt`:
```
```shell
usage: logcli fmt
Formats a LogQL query.
@ -645,7 +628,7 @@ Flags:
The output of `logcli help stats`:
```
```shell
usage: logcli stats [<flags>] <query>
Run a stats query.
@ -713,7 +696,7 @@ Args:
The output of `logcli help volume`:
```
```shell
usage: logcli volume [<flags>] <query>
Run a volume query.
@ -785,7 +768,7 @@ Args:
The output of `logcli help volume_range`:
```
```shell
usage: logcli volume_range [<flags>] <query>
Run a volume query and return timeseries data.
@ -859,7 +842,7 @@ Args:
The output of `logcli help detected-fields`:
```
```shell
usage: logcli detected-fields [<flags>] <query> [<field>]
Run a query for detected fields..
@ -926,28 +909,133 @@ Args:
[<field>] The name of the field.
```
### `--stdin` usage
### Use `--stdin` to query locally
You can use the logcli `–stdin` argument to run a command against a log file on your local machine, instead of a Loki instance. This lets you use LogQL to query a local log file without having to load the file into Loki, for example if you have downloaded a log file and want to query it outside of Loki.
If you have log files in your local machine, and just want to run some LogQL queries against those log files, `--stdin` flag can help.
You may use `stdin` flag to do the following:
You can consume log lines from your `stdin` instead of Loki servers.
- Use as a quick way to test or validate a LogQL expression against some log data.
- Learn the basics of LogQL with just local log files and the `logcli` tool (without needing to set up Loki servers, Grafana, etc.).
- Enable troubleshooting by letting you run queries without accessing a Loki instance.
- Use LogQL to parse and extract data from a local log file without ingesting the data into Loki.
- Enable discussion on public forums, for example submitting questions and answers, and sharing LogQL expressions.
Say you have log files in your local, and just want to do run some LogQL queries for that, `--stdin` flag can help.
#### Notes on `stdin` usage
1. The `--limits` flag doesn't have any meaning when using `--stdin` (use pager like `less` for that).
1. Be aware there are no **labels** when using `--stdin`. So the stream selector in the query is optional, for example, just `|="timeout"|logfmt|level="error"` is same as `{foo="bar"}|="timeout|logfmt|level="error"`.
{{< admonition type="note" >}}
Currently it doesn't support any type of metric queries.
Currently `stdin` doesn't support any type of metric queries.
{{< /admonition >}}
You may have to use `stdin` flag for several reasons
1. Quick way to check and validate a LogQL expressions.
2. Learn basics of LogQL with just Log files and `LogCLI`tool ( without needing set up Loki servers, Grafana etc.)
3. Easy discussion on public forums. Like Q&A, Share the LogQL expressions.
**NOTES on Usage**
1. `--limits` flag doesn't have any meaning when using `--stdin` (use pager like `less` for that)
1. Be aware there are no **labels** when using `--stdin`
- So stream selector in the query is optional e.g just `|="timeout"|logfmt|level="error"` is same as `{foo="bar"}|="timeout|logfmt|level="error"`
**Examples**
1. Line filter - `cat mylog.log | logcli --stdin query '|="too many open connections"'`
2. Label matcher - `echo 'msg="timeout happened" level="warning"' | logcli --stdin query '|logfmt|level="warning"'`
3. Different parsers (logfmt, json, pattern, regexp) - `cat mylog.log | logcli --stdin query '|pattern <ip> - - <_> "<method> <uri> <_>" <status> <size> <_> "<agent>" <_>'`
4. Line formatters - `cat mylog.log | logcli --stdin query '|logfmt|line_format "{{.query}} {{.duration}}"'`
#### `stdin` examples
- Line filter - `cat mylog.log | logcli --stdin query '|="too many open connections"'`
- Label matcher - `echo 'msg="timeout happened" level="warning"' | logcli --stdin query '|logfmt|level="warning"'`
- Different parsers (logfmt, json, pattern, regexp) - `cat mylog.log | logcli --stdin query '|pattern <ip> - - <_> "<method> <uri> <_>" <status> <size> <_> "<agent>" <_>'`
- Line formatters - `cat mylog.log | logcli --stdin query '|logfmt|line_format "{{.query}} {{.duration}}"'`
## Batching
logcli sends queries to Loki in such a way that query results arrive in batches.
The `--limit` option for a `logcli query` command limits the total number of log lines that will be returned for a single query.
When not set, `--limit` defaults to 30.
The limit protects the user from overwhelming Loki in cases where the specified query would have returned a large number of log lines.
The limit also protects the user from unexpectedly large responses.
Larger result sets can be batched for easier consumption. Use the `--batch` option to control the number of log line results that are returned in each batch.
When not set, `--batch` defaults to 1000.
Setting a `--limit` value larger than the `--batch` value will cause the
requests from logcli to Loki to be batched.
When you run a query in Loki, it will return up to a certain number of log lines. By default, this limit is 5000 lines. You can configure this server limit with the `limits_config.max_entries_limit_per_query` in Loki's configuration.
Batching lets you query for a results set that is larger than this server-side limit, as long as the `--batch` value is less than the server limit.
Query metadata is output to `stderr` for each batch.
To suppress the output of the query metadata, set the `--quiet` option on the `logcli query` command line.
## logcli example queries
Here are some examples of logcli.
Find all values for a label.
```bash
logcli labels job
```
```bash
https://logs-dev-ops-tools1.grafana.net/api/prom/label/job/values
loki-ops/consul
loki-ops/loki-gw
```
Print all labels and their unique values. This command is especially useful for finding [high-cardinality labels](https://grafana.com/docs/loki/<LOKI_VERSION>/get-started/labels/#cardinality) in the index.
```bash
logcli series '{cluster="vinson"}' --analyze-labels
```
```bash
2024/10/31 13:46:25 https://logs-prod-008.grafana.net/loki/api/v1/series?end=1730382385746344416&match=%7Bcluster%3D%22vinson%22%7D&start=1730378785746344416
Total Streams: 10
Unique Labels: 10
Label Name Unique Values Found In Streams
service_name 8 10
pod 7 7
job 6 10
app_kubernetes_io_name 6 6
container 5 7
namespace 3 10
stream 2 7
flags 1 7
instance 1 3
cluster 1 10
```
Get all logs for a given stream
```bash
logcli query '{job="loki-ops/consul"}'
```
```bash
https://logs-dev-ops-tools1.grafana.net/api/prom/query?query=%7Bjob%3D%22loki-ops%2Fconsul%22%7D&limit=30&start=1529928228&end=1529931828&direction=backward&regexp=
Common labels: {job="loki-ops/consul", namespace="loki-ops"}
2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Snapshot to 475409 complete
2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Compacting logs from 456973 to 465169
```
Print all log streams for the given stream selector. This example shows all known label combinations that match your query.
```bash
logcli series -q --match='{namespace="loki",container_name="loki"}'
```
```bash
{app="loki", container_name="loki", controller_revision_hash="loki-57c9df47f4", filename="/var/log/pods/loki_loki-0_8ed03ded-bacb-4b13-a6fe-53a445a15887/loki/0.log", instance="loki-0", job="loki/loki", name="loki", namespace="loki", release="loki", statefulset_kubernetes_io_pod_name="loki-0", stream="stderr"}
```
## Troubleshoot logcli
Make sure that the version of Logcli you are using matches your Loki version.
You can check your logcli version with the following command:
```bash
logcli –version
```
If you experience timeouts, you can update the following setting in your `logcli-config.yaml` file.
```yaml
limits_config:
query_timeout: 10m
```

Write Preview
Loading…
Cancel
Save