Search and analyze logs from various sources to debug issues and monitor your systems.

Supported Log Sources

  • Loki
  • Elasticsearch
  • CloudWatch Logs
  • Google Cloud Logging
  • Azure Monitor Logs

Query Syntax

Loki (LogQL)

# Basic log line filter
{app="api"} |= "error"

# Parse and extract fields
{app="nginx"} | json | status >= 500

# Calculate rates
sum(rate({app="api"} |~ "error" [5m])) by (pod)

Elasticsearch (KQL)

# Basic search
kubernetes.container.name: "api" and message: "error"

# Time range
@timestamp >= now-15m and @timestamp <= now()

Examples

Error Patterns

# Find errors with stack traces
{app="backend"} |~ "(?i)error|exception|fail"

Performance Issues

# Slow API responses
{app="api"} | json | duration > 1000

Best Practices

  • Use specific labels/tags to filter logs
  • Leverage parsing to extract structured data
  • Use time ranges to limit result sets
  • Create alerts for recurring error patterns
  • Use log sampling for high-volume logs

Search and analyze logs from various sources to debug issues and monitor your systems.

Supported Log Sources

  • Loki
  • Elasticsearch
  • CloudWatch Logs
  • Google Cloud Logging
  • Azure Monitor Logs

Query Syntax

Loki (LogQL)

# Basic log line filter
{app="api"} |= "error"

# Parse and extract fields
{app="nginx"} | json | status >= 500

# Calculate rates
sum(rate({app="api"} |~ "error" [5m])) by (pod)

Elasticsearch (KQL)

# Basic search
kubernetes.container.name: "api" and message: "error"

# Time range
@timestamp >= now-15m and @timestamp <= now()

Examples

Error Patterns

# Find errors with stack traces
{app="backend"} |~ "(?i)error|exception|fail"

Performance Issues

# Slow API responses
{app="api"} | json | duration > 1000

Best Practices

  • Use specific labels/tags to filter logs
  • Leverage parsing to extract structured data
  • Use time ranges to limit result sets
  • Create alerts for recurring error patterns
  • Use log sampling for high-volume logs