Query logs to monitor performance and troubleshoot issues.
Access to Cloud Observability Logging is available on request. Reach out to your Account Manager to get started.
logs count queries
analyze the number of logs matching certain conditions.
The sections below describe the syntax and
phrase_match, a filter predicate for finding logs with specific letters or words.
logs count queries use the following syntax, where each query stage is separated by a pipe (
The list below describes the stages in more detail.
1 logs count | <aligner> | <filter> | <group_by , reducer>
logs countoutputs a float with the number of logs.
aligner groups logs into a time series with points at regular intervals.
filter matches logs using filter expressions to narrow down your data.
filter is the only optional query stage. All filter expressions are available except
group_by , reduceraggregates data with the same timestamp and
value using the specified reducer.
phrase_match is a filter predicate for
logs count queries.
phrase_match to find logs containing specific letters or words.
phrase_match accepts two parameters:
body and a search phrase.
For example, the following search phrase of
erroneous but not
1 2 3 4 logs count | filter phrase_match(body, "err") | delta | group_by , sum
For search phrases with more than 1 token, the first N-1 phrase tokens must match sequential
The last phrase token only needs to match a prefix of the next
For example, the search phrase below matches
an error and
had an error but not
1 2 3 4 logs count | filter phrase_match(body, "an err") | delta | group_by , sum
This section shows several
logs count examples.
To use the examples, paste and edit the queries in Cloud Observability’s query editor.
Log volume grouped by Kubernetes application
1 logs count | delta | group_by[kube_app], sum
Error frequency grouped by Kubernetes application
1 logs count | filter severity == ErrorSeverity | delta | group_by[kube_app], sum
Log volume grouped by Kubernetes application and severity
1 logs count | delta | group_by[kube_app, severity], sum
Updated Sep 13, 2023