LogQL Supported Queries

Jachen Duschletta edited this page Nov 9, 2021 · 32 revisions

Log Stream Selector

{label_1 = "value1", label2 =~ ".+value[2-3]"}

  • =: exactly equal
  • !=: not equal
  • =~: regex matches
  • !~: regex does not match

NOTE! label !~ ".+" returns nothing, not all the logs without the label: every compared "fingerprint" is checked for having the label being searched.
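The behaviour in the note above, as an added example: a Python model written for this page, not the project's code. The names select, value_matches and silently_missed and the sample streams are hypothetical, and regexes are assumed to be fully anchored. It shows why a query meant to find streams missing a label returns nothing, next to the reading in which a missing label compares as the empty string.

```python
import re

# Constructed sample streams (label sets), not taken from a real system.
STREAMS = [
    {"job": "sshd", "host": "bastion-1"},
    {"job": "nginx", "host": "web-1", "env": "prod"},
    {"job": "cron"},  # has no "host" label at all
]

def value_matches(op, pattern, value):
    """Apply one stream-selector operator to a label value."""
    if op == "=":
        return value == pattern
    if op == "!=":
        return value != pattern
    if op not in ("=~", "!~"):
        raise ValueError(f"unsupported operator: {op}")
    hit = re.fullmatch(pattern, value) is not None  # assumption: anchored regex
    return hit if op == "=~" else not hit

def select(streams, matchers, require_label=True):
    """Return the streams that satisfy every (label, op, pattern) matcher.

    require_label=True models the note: a stream lacking the label is
    rejected before any comparison. require_label=False models a missing
    label being compared as the empty string.
    """
    selected = []
    for labels in streams:
        for name, op, pattern in matchers:
            if name not in labels and require_label:
                break
            if not value_matches(op, pattern, labels.get(name, "")):
                break
        else:
            selected.append(labels)
    return selected

def silently_missed(streams, label):
    """Streams a 'label is absent' query was meant to find but cannot."""
    query = [(label, "!~", ".+")]
    found = select(streams, query, require_label=True)
    wanted = select(streams, query, require_label=False)
    return [s for s in wanted if s not in found]

if __name__ == "__main__":
    print(select(STREAMS, [("host", "!~", ".+")]))
    print(silently_missed(STREAMS, "host"))
```

A dashboard or alert built on label !~ ".+" to spot unlabeled sources stays empty under the behaviour in the note, so an empty result there is not evidence that every source carries the label.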

Line Filter Expression

{label1="1"} |= "ERROR"

  • |=: Log line contains string
  • !=: Log line does not contain string
  • |~: Log line contains a match to the regular expression
  • !~: Log line does not contain a match to the regular expression

Label Filter Expression

String filters

  • =: exactly equal
  • !=: not equal
  • =~: regex matches
  • !~: regex does not match
  • 'or' and 'and' operators

Number and duration filters are unsupported

, expressions are unsupported

Parser Expression

{label1="val1"} |json

  • json with parameters
  • json without parameters
  • regexp
  • logfmt
  • pattern
  • unpack

Log Range Aggregations

rate({label1="val1"} [1m])

  • rate(log-range)
  • count_over_time(log-range)
  • bytes_rate(log-range)
  • bytes_over_time(log-range)
  • absent_over_time(log-range)

Aggregation operators

sum(rate({label1="val1"} [1m])) by (label2)

  • sum: Calculate sum over labels
  • min: Select minimum over labels
  • max: Select maximum over labels
  • avg: Calculate the average over labels
  • stddev: Calculate the population standard deviation over labels
  • stdvar: Calculate the population standard variance over labels
  • count: Count number of elements in the vector
  • bottomk: Select smallest k elements by sample value
  • topk: Select largest k elements by sample value

Unwrap Expression

rate({label1="val1"}|unwrap int_valued_label [1s]) by (another_label)

Supported functions

  • rate(unwrapped-range): calculates the per-second rate of all values in the specified interval.
  • sum_over_time(unwrapped-range): the sum of all values in the specified interval.
  • avg_over_time(unwrapped-range): the average value of all points in the specified interval.
  • max_over_time(unwrapped-range): the maximum value of all points in the specified interval.
  • min_over_time(unwrapped-range): the minimum value of all points in the specified interval.
  • first_over_time(unwrapped-range): the first value of all points in the specified interval.
  • last_over_time(unwrapped-range): the last value of all points in the specified interval.
  • Aggregation operators over unwrapped expressions are supported.

NOTES:

  • In Grafana queries, use $__interval for unwrap, i.e.: unwrap data [$__interval]

Line Format Expression (handlebars)

{label1="val1"} | json | line_format "{{int_valued_label}}"

{label1="val1"} | json | line_format "{{int_val}} / 2 = {{ divide int_val 2}}"

Labels Format Expression is upcoming
