diff --git a/docs/guide/logql.md b/docs/guide/logql.md index 2df4c92..e178479 100644 --- a/docs/guide/logql.md +++ b/docs/guide/logql.md @@ -140,12 +140,14 @@ Return lines including the text "status 403" or "status 503" using regex We can use operations on both the log **stream selectors** and **filter expressions** to refine them. -## ** Format ** +## ** Filter Expressions ** -### Parser Expression -Parser expression can parse and extract labels from the log content. Those extracted labels can then be used for filtering using label filter expressions or for metric aggregations. + + +### ** Parser Expression ** +Parser expressions can parse and extract labels from the log content. Those extracted labels can then be used for filtering using label filter expressions or for metric aggregations. -#### json +#### `json` The json parser operates in two modes: * without parameters: @@ -156,16 +158,18 @@ The json parser operates in two modes: * Using `| json label="expression"` in your pipeline will extract only the specified json fields to labels. * ```{job="0.6611336793589486_json"} | json my_field="json_field"``` -#### logfmt +#### `logfmt` The logfmt parser extracts any key=value pairs from the processed logs. -#### regexp +#### `regexp` The regexp parser operates against log string and requires named groups for matching. -Example: extract a new label named `token` from a string ie: `YYYY-MM-DDT00:00:00Z ... Reserving 1.1Mb of memory` +Example: extract a new label named `token` from a string ie: +```YYYY-MM-DDT00:00:00Z ... Reserving 1.1Mb of memory``` + * ```{type="clickhouse"} |~"Reserving" | regexp "Reserving (?\\d+.\\d+)"``` -#### Line Format +#### ** Line Format ** Line Format expression allows the re-formatting of parts of a log line. It can extract items from parsed json. To extract a *parameter* we use "{{}}" to surround it and extract it as the displayed log line as a result. Any thing can be added to this line format, to allow for additional notes or formatting. @@ -176,7 +180,7 @@ To extract a *parameter* we use "{{}}" to surround it and extract it as the disp Creates new log lines of the string "My field: VALUE" -#### Label Filter Expression +#### ** Label Filter Expression ** Label filter expression allows filtering log line using their original and extracted labels. It can contain multiple predicates. A predicate contains a *label identifier*, an *operation* and a *value* to compare the label with. @@ -186,6 +190,9 @@ Label filters work like label matchers and use the same operations (`=`,`!=`,`=~ ``` {job="0.6611336793589486_json"} | json | my_field="VALUE" ``` + + +