LogQL Supported Queries

akvlad edited this page Sep 24, 2021 · 32 revisions

Log Stream Selector

{label_1 = "value1", label2 =~ ".+value[2-3]"}

  • =: exactly equal
  • !=: not equal
  • =~: regex matches
  • !~: regex does not match

NOTE! label !~ ".+" returns nothing, rather than all the logs that lack the label. Every compared "fingerprint" is checked for the presence of the label being searched.
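
The effect of the note above, as an added example that is not part of the original wiki page or the project's code: a simplified Python model of stream selection. The sample streams, the select helper and its require_label switch are constructed for illustration, and fully anchored regex matching is an assumption.

```python
import re

# Constructed sample streams (label sets); none of these come from the wiki page.
STREAMS = [
    {"app": "web", "user": "alice"},
    {"app": "web"},                    # no "user" label
    {"app": "db", "user": "bob"},
]

# Assumption: regex matchers are fully anchored, hence re.fullmatch.
OPS = {
    "=":  lambda v, p: v == p,
    "!=": lambda v, p: v != p,
    "=~": lambda v, p: re.fullmatch(p, v) is not None,
    "!~": lambda v, p: re.fullmatch(p, v) is None,
}

def select(streams, matchers, require_label=True):
    """Return the streams that satisfy every (label, op, pattern) matcher.

    require_label=True models the note: a stream that lacks the label
    never matches, whatever the operator.
    require_label=False models the behaviour the note rules out, where a
    missing label is compared as the empty string.
    """
    out = []
    for labels in streams:
        for name, op, pattern in matchers:
            if require_label and name not in labels:
                break
            if not OPS[op](labels.get(name, ""), pattern):
                break
        else:
            out.append(labels)  # no matcher rejected this stream
    return out

# {app="web", user !~ ".+"}: meant to find web streams without a user label.
QUERY = [("app", "=", "web"), ("user", "!~", ".+")]

def demo():
    """Run QUERY under both models: (as documented, missing-as-empty)."""
    return (select(STREAMS, QUERY, require_label=True),
            select(STREAMS, QUERY, require_label=False))

if __name__ == "__main__":
    as_documented, missing_as_empty = demo()
    print("label required  :", as_documented)
    print("missing as empty:", missing_as_empty)
```

For detection queries this means a negative regex matcher cannot be used to find streams that lack a label; such streams never match.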

Line Filter Expression

{label1="1"} |= "ERROR"

  • |=: Log line contains string
  • !=: Log line does not contain string
  • |~: Log line contains a match to the regular expression
  • !~: Log line does not contain a match to the regular expression

Label Filter Expression

String filters

  • =: exactly equal
  • !=: not equal
  • =~: regex matches
  • !~: regex does not match

Number and duration filters are unsupported

The "or" and "," (comma) expressions are unsupported

Parser Expression

{label1="val1"} |json

  • json with parameters
  • json without parameters
  • logfmt
  • pattern
  • regexp
  • unpack

Log Range Aggregations

rate({label1="val1"} [1m])

  • rate(log-range)
  • count_over_time(log-range)
  • bytes_rate(log-range)
  • bytes_over_time(log-range)
  • absent_over_time(log-range)

Aggregation operators

sum(rate({label1="val1"} [1m])) by (label2)

  • sum: Calculate sum over labels
  • min: Select minimum over labels
  • max: Select maximum over labels
  • avg: Calculate the average over labels
  • stddev: Calculate the population standard deviation over labels
  • stdvar: Calculate the population standard variance over labels
  • count: Count number of elements in the vector
  • bottomk: Select smallest k elements by sample value
  • topk: Select largest k elements by sample value

Unwrap Expression

rate({label1="val1"}|unwrap int_valued_label [1s]) by (another_label)

Supported functions

  • rate(unwrapped-range): calculates per second rate of all values in the specified interval.
  • sum_over_time(unwrapped-range): the sum of all values in the specified interval.
  • avg_over_time(unwrapped-range): the average value of all points in the specified interval.
  • max_over_time(unwrapped-range): the maximum value of all points in the specified interval.
  • min_over_time(unwrapped-range): the minimum value of all points in the specified interval.
  • first_over_time(unwrapped-range): the first value of all points in the specified interval.
  • last_over_time(unwrapped-range): the last value of all points in the specified interval.

NOTE! Aggregation operators over unwrapped expressions are not supported.

Line Format Expression is unsupported

Labels Format Expression is unsupported
