Writing Log Queries

Search and analyze logs from various sources to debug issues and monitor your systems.

Supported Log Sources

Loki
Elasticsearch
CloudWatch Logs
Google Cloud Logging
Azure Monitor Logs

Query Syntax

Loki (LogQL)

# Basic log line filter
{app="api"} |= "error"

# Parse and extract fields
{app="nginx"} | json | status >= 500

# Calculate rates
sum(rate({app="api"} |~ "error" [5m])) by (pod)

Elasticsearch (KQL)

# Basic search
kubernetes.container.name: "api" and message: "error"

# Time range
@timestamp >= now-15m and @timestamp <= now()

Examples

Error Patterns

# Find errors with stack traces
{app="backend"} |~ "(?i)error|exception|fail"

Performance Issues

# Slow API responses
{app="api"} | json | duration > 1000

Best Practices

Use specific labels/tags to filter logs
Leverage parsing to extract structured data
Use time ranges to limit result sets
Create alerts for recurring error patterns
Use log sampling for high-volume logs

Metric Queries SQL Queries

On this page

Supported Log Sources
Query Syntax
Loki (LogQL)
Elasticsearch (KQL)
Examples
Error Patterns
Performance Issues
Best Practices

GETTING STARTED

MONITOR

DEBUG

INTEGRATIONS

CONTEXT

Security & Privacy

Writing Log Queries

Supported Log Sources

Query Syntax

Loki (LogQL)

Elasticsearch (KQL)

Examples

Error Patterns

Performance Issues

Best Practices

GETTING STARTED

MONITOR

DEBUG

INTEGRATIONS

CONTEXT

Security & Privacy

​Supported Log Sources

​Query Syntax

​Loki (LogQL)

​Elasticsearch (KQL)

​Examples

​Error Patterns

​Performance Issues

​Best Practices

Supported Log Sources

Query Syntax

Loki (LogQL)

Elasticsearch (KQL)

Examples

Error Patterns

Performance Issues

Best Practices