GCP Log Explorer

Posted on | Edited on | In

The quick revisit is by query examples.

Query Example:

To run a query you can go through this typical order:

1
2
3
4
5
6
7
8
9
10
-- find resurce type
resource.type="k8s_container"
-- any label to narrow down the scope
resource.labels.cluster_name="us-east4"
resource.labels.namespace_name="default"
resource.labels.container_name="foo"
-- strings in json or text payload
textPayload:"there is a high bar"

-- apply logic operator or regexp in searching

Other query examples please see here.

Query Language

It is recommended to read through the detailed syntax here.

Key Takeaways

  1. Comment line starts with -- in query expression.

  2. The boolean operator precedence order: NOT, OR and AND and they must use upper case in query.

  3. The query expression leftside field is a path from LogEntry group, you can also explore them in the unfolded query result, for example, usually we want to check if jsonPayload or textPayload contains desired substrings.

  4. Regular expression on text query examples.

  5. The timestamp in query is on UTC, you can get it by date command:

1
2
3
4
# 2023-07-04T18:50:36+00:00
date --rfc-3339=s --date="5 hours ago" | sed -e 's/ /T/g'
# Then use it in query, for example:
timestamp >= "2023-07-04T18:50:36+00:00"
0%