LogQL Supported Queries
{label_1 = "value1", label2 =~ ".+value[2-3]"}
- =: exactly equal
- !=: not equal
- =~: regex matches
- !~: regex does not match
NOTE: label !~ ".+" returns nothing, rather than all the logs without the label. Every compared "fingerprint" is checked for having the label being searched.
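An added example (not code from the qryn project): a small Python model of the stream-selector matchers listed above. It applies the NOTE's rule, that a stream must carry the searched label, to every operator. The sample streams are constructed, and anchoring regex matchers to the full label value is an assumption.

```python
import re

# One matcher: label name, operator (=, !=, =~, !~), double-quoted value.
MATCHER = re.compile(r'\s*([A-Za-z_]\w*)\s*(=~|!~|!=|=)\s*"((?:[^"\\]|\\.)*)"\s*')

def parse_selector(selector):
    """Turn '{a="x", b=~"y.+"}' into [(label, op, value), ...]."""
    text = selector.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("selector must be wrapped in { }")
    body, pos, matchers = text[1:-1], 0, []
    while pos < len(body):
        m = MATCHER.match(body, pos)
        if not m:
            raise ValueError(f"cannot parse matcher at offset {pos}")
        matchers.append(m.groups())
        pos = m.end()
        if pos < len(body):
            if body[pos] != ",":
                raise ValueError(f"expected ',' at offset {pos}")
            pos += 1
    return matchers

def stream_matches(labels, matchers):
    """True if a stream's label set satisfies every matcher."""
    for name, op, value in matchers:
        # Rule from the NOTE: a stream without the label never matches,
        # not even a negative matcher such as !~ ".+".
        if name not in labels:
            return False
        if op in ("=", "!="):
            hit = labels[name] == value
        else:
            # Assumption: the regex must match the whole label value.
            hit = re.fullmatch(value, labels[name]) is not None
        if hit != (op in ("=", "=~")):
            return False
    return True

def select(streams, selector):
    matchers = parse_selector(selector)
    return [s for s in streams if stream_matches(s, matchers)]

# Constructed sample streams (label sets), not real data.
STREAMS = [
    {"label_1": "value1", "label2": "xvalue2"},
    {"label_1": "value1", "label2": "xvalue4"},
    {"label_1": "value1"},                      # carries no label2
    {"label_1": "other", "label2": "yvalue3"},
]
```

With these streams, `select(STREAMS, '{label2 !~ ".+"}')` returns an empty list, which is the behaviour the note describes: a negative matcher does not surface sources that are missing the label.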
{label1="1"} |= "ERROR"
- |=: Log line contains string
- !=: Log line does not contain string
- |~: Log line contains a match to the regular expression
- !~: Log line does not contain a match to the regular expression
- =: exactly equal
- !=: not equal
- =~: regex matches
- !~: regex does not match
- or, and: chain operators
- Time and duration filters (unsupported)
{label1="val1"} |json
- json with parameters
- json without parameters
- regexp
- logfmt
- pattern
- unpack
rate({label1="val1"} [1m])
- rate(log-range)
- count_over_time(log-range)
- bytes_rate(log-range)
- bytes_over_time(log-range)
- absent_over_time(log-range)
sum(rate({label1="val1"} [1m])) by (label2)
- sum: Calculate sum over labels
- min: Select minimum over labels
- max: Select maximum over labels
- avg: Calculate the average over labels
- stddev: Calculate the population standard deviation over labels
- stdvar: Calculate the population standard variance over labels
- count: Count number of elements in the vector
- bottomk: Select smallest k elements by sample value
- topk: Select largest k elements by sample value
rate({label1="val1"}|unwrap int_valued_label [1s]) by (another_label)
Supported functions
- rate(unwrapped-range): calculates per second rate of all values in the specified interval.
- sum_over_time(unwrapped-range): the sum of all values in the specified interval.
- avg_over_time(unwrapped-range): the average value of all points in the specified interval.
- max_over_time(unwrapped-range): the maximum value of all points in the specified interval.
- min_over_time(unwrapped-range): the minimum value of all points in the specified interval
- first_over_time(unwrapped-range): the first value of all points in the specified interval
- last_over_time(unwrapped-range): the last value of all points in the specified interval
- Aggregation operators over unwrapped expressions are supported.
NOTES:
- In Grafana queries, use $__interval for unwrap, i.e.: unwrap data [$__interval]
{label1="val1"} | label_format label2=label1
- label replace queries: Replace label name with a custom name
- label drop queries: Drop labels from log lines
Line Format Expression (handlebars)
- Filter specific JSON field and only display that:
{label1="val1"} | json | line_format "{{int_valued_label}}"
- Perform simple arithmetic, a / (b + c):
{label1="val1"} | json | line_format "{{ divide a (sum b c) }}"
- Perform other arithmetic functions
{label1="val1"} | json | line_format "{{int_val}} / 2 = {{ divide int_val 2}}"
If you used the 'Insert Metrics API' to insert metrics, use unwrap_value to unwrap the metric value directly from a metric stream.
- Average of a metric over 1m periods
avg_over_time({label1="val1"} | unwrap_value [1m])