apitech
/
loki
mirror of https://github.com/grafana/loki
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Like Prometheus, but for logs.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4945 Commits
1063 Branches
354 Tags
711 MiB
 
 
 
 
 
 
Tag: Branch: Tree: ec516facaf
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ec516facaf'
${ noResults }
loki/docs/sources/operations/blocking-queries.md

63 lines
2.5 KiB
Raw Blame History

---
title: Blocking Queries
description: Blocking Queries
weight: 60
---
# Blocking Queries
In certain situations, you may not be able to control the queries being sent to your Loki installation. These queries
may be intentionally or unintentionally expensive to run, and they may affect the overall stability or cost of running
your service.
You can block queries using [per-tenant overrides]({{<relref "../configuration/#runtime-configuration-file">}}), like so:
```yaml
overrides:
"tenant-id":
blocked_queries:
# block this query exactly
- pattern: 'sum(rate({env="prod"}[1m]))'
# block any query matching this regex pattern
- pattern: '.*prod.*'
regex: true
# block all metric queries
- types: metric
# block any filter or limited queries matching this regex pattern
- pattern: '.*prod.*'
regex: true
types: filter,limited
# block any query that matches this query hash
- hash: 2943214005 # hash of {stream="stdout",pod="loki-canary-9w49x"}
types: filter,limited
```
NOTE: changes to these configurations **do not require a restart**; they are defined in the [runtime configuration file]({{<relref "../configuration/#runtime-configuration-file">}}).
The available query types are:
- `metric`: a query with an aggregation, e.g. `sum(rate({env="prod"}[1m]))`
- `filter`: a query with a log filter, e.g. `{env="prod"} |= "error"`
- `limited`: a query without a filter or a metric aggregation
The `hash` option uses a [32-bit FNV-1](https://en.wikipedia.org/wiki/Fowler%E2%80%93Noll%E2%80%93Vo_hash_function) hash of the query string, represented as a 32-bit unsigned integer.
This can often be easier to use than query strings that are long or require lots of string escaping. A `query_hash` field
is logged with every query request in the `query-frontend` and `querier` logs, for easy reference. Here's an example log line:
```logfmt
level=info ts=2023-03-30T09:08:15.2614555Z caller=metrics.go:152 component=frontend org_id=29 latency=fast
query="{stream=\"stdout\",pod=\"loki-canary-9w49x\"}" query_hash=2943214005 query_type=limited range_type=range ...
```
**Note:** the order of patterns is preserved, so the first matching pattern will be used
## Observing blocked queries
Blocked queries are logged, as well as counted in the `loki_blocked_queries` metric on a per-tenant basis.
## Scope
Queries received via the API and executed as [alerting/recording rules]({{<relref "../alert">}}) will be blocked.