-
-
Notifications
You must be signed in to change notification settings - Fork 69
LogQL Supported Queries
akvlad edited this page Nov 12, 2021
·
32 revisions
{label_1 = "value1", label2 =~ ".+value[2-3]"}
-
=
: exactly equal -
!=
: not equal -
=~
: regex matches -
!~
: regex does not match
NOTE! label !~ ".+"
shows nothing instead of all the logs without label
. All the compared "fingerprints" are checked against having the searching label.
{label1="1"} |= "ERROR"
-
|=
: Log line contains string -
!=
: Log line does not contain string -
|~
: Log line contains a match to the regular expression -
!~
: Log line does not contain a match to the regular expression
-
=
: exactly equal -
!=
: not equal -
=~
: regex matches -
!~
: regex does not match - 'or' and 'and' operators
{label1="val1"} |json
- json with parameters
- json without parameters
- regexp
- logfmt
- pattern
- unpack
rate({label1="val1"} [1m])
- rate(log-range)
- count_over_time(log-range)
- bytes_rate(log-range)
- bytes_over_time(log-range)
- absent_over_time(log-range)
sum(rate({label1="val1"} [1m])) by (label2)
- sum: Calculate sum over labels
- min: Select minimum over labels
- max: Select maximum over labels
- avg: Calculate the average over labels
- stddev: Calculate the population standard deviation over labels
- stdvar: Calculate the population standard variance over labels
- count: Count number of elements in the vector
- bottomk: Select smallest k elements by sample value
- topk: Select largest k elements by sample value
rate({label1="val1"}|unwrap int_valued_label [1s]) by (another_label)
Supported functions
- rate(unwrapped-range): calculates per second rate of all values in the specified interval.
- sum_over_time(unwrapped-range): the sum of all values in the specified interval.
- avg_over_time(unwrapped-range): the average value of all points in the specified interval.
- max_over_time(unwrapped-range): the maximum value of all points in the specified interval.
- min_over_time(unwrapped-range): the minimum value of all points in the specified interval
- first_over_time(unwrapped-range): the first value of all points in the specified interval
- last_over_time(unwrapped-range): the last value of all points in the specified interval
- Aggregation operators over unwrapped expressions are supported.
NOTES:
- In Grafana queries, use
$__interval
for unwrap, ie:unwrap data [$__interval]
{label1="val1"} | json | line_format "{{int_valued_label}}"
{label1="val1"} | json | line_format "{{int_val}} / 2 = {{ divide int_val 2}}"