A Jsonnet based DSL for writing LogQL queries, inspired by promql-jsonnet. This is useful when creating Grafana dashboards using grafonnet. Instead of having to template strings manually, you can now use immutable builders to DRY out your LogQL queries.
LogQL Stream Selector Documentation
| Operation | Description |
|---|---|
.withLabels(object) |
Accepts an object using the key as the label and the value as the value of the predicate, only uses equality = Usage: .withLabels({cluster: "primary",region: 'us-east-1'}) |
.withLabel(label, op, value) |
Sets a single label selector, with specific arguments for the label, op and value Usage: .withLabel('region', '!=','us-east-1') |
.withLabel(object) |
The method is overloaded, and also accepts a single object as an argument the keys label, op and value. Usage: .withLabel({label: 'region', op: '!=', value: 'us-east-1'}) |
logql.new()
.withLabels({
app: 'ecommerce',
cluster: "primary",
region: 'us-east-1',
})
.build()
// renders
{app="ecommerce", cluster="primary", region="us-east-1"}To support a more fluent API, a single method of selector() is provided that returns an object of methods to chain from.
| Operation | Description |
|---|---|
.eq(value) |
Generates a single label equality label selector Usage: .selector('region').eq('us-east-1') |
.neq(value) |
Generates a single label not equal label selector Usage: .selector('region').neq('us-east-1') |
.re(value) |
Generates a single label regular expression matches label selector Usage: .selector('region').re('us-east-1') |
.nre(value) |
Generates a single label not regular expression matches label selector Usage: .selector('region').nre('us-east-1') |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').neq('primary')
.selector('env').re('dev|test')
.selector('region').nre('us-east-\\d+')
.line().eq('error')
.json()
.build(formatted=false)
// renders
{app="ecommerce", cluster!="primary", env=~"dev|test", region!~"us-east-\\d+"}LogQL Line Filter Documentation
| Operation | Description |
|---|---|
.lineEq(text) |
Filters a line to ensure that the line contains the specified text. Usage: .lineEq('error') |
.lineNeq(text) |
Filters a line to ensure that the line does not contains the specified text. Usage: .lineNeq('error') |
.lineRe(text) |
Filters a line to ensure that the line matches the specified regular expression. Usage: .lineRe('error') |
.lineNre(text) |
Filters a line to ensure that the line does not match the specified regular expression. Usage: .lineNre('error') |
logql.new()
.withLabels({
app: 'ecommerce',
cluster: "primary",
region: 'us-east-1',
})
.lineEq('error')
.build()
// renders
{app="ecommerce", cluster="primary", region="us-east-1"}
|= `error`To support a more fluent API, a single method of line() is provided that returns an object of methods to chain from.
| Operation | Description |
|---|---|
.eq(value) |
Generates a single line contains filter Usage: line().eq('error') |
.neq(value) |
Generates a single line does not contains filter Usage: line().neq('error') |
.re(value) |
Generates a single line matches regular expression filter Usage: line().re('error') |
.nre(value) |
Generates a single line does not matchregular expression filter Usage: line().nre('error') |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').eq('primary')
.selector('env').eq('prod')
.line().re('level=(error|warn)')
.build()
// renders
{app="ecommerce", cluster!="primary", env="prod"}
|~ `level=(error|warn)`| Operation | Description |
|---|---|
.json(labels?) |
Parses the log line as json, optionally extracting specific values and assigning to a label. Usage: .json() |
.logfmt(labels?) |
Parses the log line as logfmt, optionally extracting specific values and assigning to a label Usage: .logfmt() |
.pattern(pattern) |
Parses the line using the pattern parser extracting values and assigning to labels Usage: .pattern('<_> level=<level> <_>') |
.regex(pattern) |
Parses the line using the regex parser extracting placeholder values and assigning to labels Usage: .regex('.+ level=(?P<level>[^ ]+) .+') |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').eq('primary')
.selector('env').eq('prod')
.line().re('level=(error|warn)')
.json()
.build()
// renders
{app="ecommerce", cluster!="primary", env="prod"}
|~ `level=(error|warn)`
| jsonLogQL Label Filter Documentation
| Operation | Description |
|---|---|
.labelEq(label, value) |
Performs an equal to check on a label and value. Usage: .labelEq('status_code', 200) |
.labelNeq(label, value) |
Performs a not equal to check on a label and value Usage: .labelNeq('status_code', 200) |
.labelGt(label, value) |
Performs a greater than check on a label and value Usage: .labelGt('status_code', 200) |
.labelGte(label, value) |
Performs a greater than or equal to check on a label and value Usage: .labelGte('status_code', 200) |
.labelLt(label, value) |
Performs a less than check on a label and value Usage: .labelLt('status_code', 200) |
.labelLte(label, value) |
Performs a less than or equal to check on label and value Usage: .labelLte('status_code', 200) |
.labelRe(label, value) |
Performs a regular expression match check on a label and value Usage: .labelRe('status_code', '2..') |
.labelNre(label, value) |
Performs a regular expression does not match check on a label and value Usage: .labelNre('status_code', '2..') |
.labelNoop(label) |
Adds just the label with no check, mainly used in drop / keep Usage: .labelNoop('status_code') |
logql.new()
.withLabels({
app: 'ecommerce',
cluster: 'primary',
env: 'prod',
})
.lineRe('level=(error|warn)')
.json()
.labelNeq('status_code', 200)
.build()
// renders
{app="ecommerce", cluster!="primary", env="prod"}
|~ `level=(error|warn)`
| json
| status_code != 200To support a more fluent API, a single method of label(label) is provided that returns an object of methods to chain from.
| Operation | Description |
|---|---|
.eq(value) |
Performs an equal to check on a label and value. Usage: .label('status_code').eq(200) |
.neq(value) |
Performs a not equal to check on a label and value Usage: .label('status_code').neq(200) |
.gt(value) |
Performs a greater than check on a label and value Usage: .label('status_code').gt(200) |
.gte(value) |
Performs a greater than or equal to check on a label and value Usage: .label('status_code').gte(200) |
.lt(value) |
Performs a less than check on a label and value Usage: .label('status_code').lt(200) |
.lte(value) |
Performs a less than or equal to check on label and value Usage: .label('status_code').lte(200) |
.re(value) |
Performs a regular expression match check on a label and value Usage: .label('status_code').re('2..') |
.nre(value) |
Performs a regular expression does not match check on a label and value Usage: .label('status_code').nre('2..') |
.noop() |
Adds just the label with no check, mainly used in drop / keep Usage: .label('status_code').noop() |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').eq('primary')
.selector('env').eq('dev|test')
.line().re('level=(error|warn)')
.json()
.label('status_code').neq(200)
.build()
// renders
{app="ecommerce", cluster!="primary", env="prod"}
|~ `level=(error|warn)`
| json
| status_code != 200| Operation | Description |
|---|---|
.and(exprs[]) |
Performs a logical and operation on the expressions Usage: .and(['status_code == 200','response_time > 200ms']) |
.or(exprs[]) |
Performs a logical or operation on the expressions Usage: .or(['status_code == 200','response_time > 200ms']) |
logql.new()
.withLabels({
app: 'ecommerce',
cluster: "primary",
region: 'us-east-1',
})
.json()
.or([
logql.new().labelEq('status_code', 500).build(),
logql.new().labelGt('response_time', 100).build(),
logql.new().labelGt('critical', true).build()
])
.and([
logql.new().labelEq('user', 'admin').build(),
logql.new().labelNeq('method', 'GET').build()
])
.build(formatted=false)
// renders
{app="ecommerce", cluster="primary", region="us-east-1"}
| json
| (status_code == 500 or response_time > 100 or critical > true) and (user == `admin` and method != `GET`)LogQL Formatting Documentation
| Operation | Description |
|---|---|
.line_format(format) |
Rewrites the log line content by using the text/template format Usage: .line_format('{{ .request_method }}: {{ .status_code }}') |
.lineFormat(format) |
Wrapper for .line_format() Usage: .lineFormat('{{ .request_method }}: {{ .status_code }}') |
.label_format(label, path) |
Renames, modifies or adds labels Usage: .label_format('response_size', '{{ .response_size | lower }}') |
.labelFormat(label, path) |
Wrapper for .label_format() Usage: .labelFormat('response_size', '{{ .response_size | lower }}') |
.decolorize() |
Strips ANSI sequences (color codes) from the line Usage: .decolorize() |
.drop(labels[]) |
Drops one or more labels or labels with a conditional check Usage: .drop(['instance_id','host']) |
.keep(labels[]) |
Keeps one or more labels or labels with a conditional check, dropping all other labels Usage: .keep(['status_code', 'method', 'response_size', 'path']) |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').eq('primary')
.selector('env').eq('dev|test')
.line().re('level=(error|warn)')
.json()
.label('status_code').neq(200)
.decolorize()
.line_format('{{ .request_method }}: {{ .status_code }} - {{ .path }}')
.label_format('response_size', '{{ .response_size | lower }}')
.keep([
logql.new().label('instance').noop().build(),
logql.new().label('level').noop().build(),
logql.new().label('request_method').eq('GET').build(),
])
.build()
// renders
{app="ecommerce", cluster="primary", env="dev|test"}
|~ `level=(error|warn)`
| json
| status_code != 200
| decolorize
| line_format `{{ .request_method }}: {{ .status_code }} - {{ .path }}`
| label_format response_size=`{{ .response_size | lower }}`
| keep instance, level, request_method==`GET`LogQL Formatting Documentation
| Operation | Description |
|---|---|
.rate(interval, resolution?, offset?) |
Calculates the number of entries per second Usage: .rate('5m') |
.count_over_time(interval, resolution?, offset?) |
Counts the entries for each log stream within the given range Usage: .count_over_time('5m') |
.countOverTime(interval, resolution?, offset?) |
Wrapper for .count_over_time() Usage: .countOverTime('5m') |
.bytes_rate(interval, resolution?, offset?) |
Calculates the number of bytes per second for each stream. Usage: .bytes_rate('5m') |
.bytesRate(interval, resolution?, offset?) |
Wrapper for .bytes_rate() Usage: .bytesRate('5m') |
.bytes_over_time(interval, resolution?, offset?) |
Counts the amount of bytes used by each log stream for a given range Usage: .bytes_over_time('5m') |
.bytesOverTime(interval, resolution?, offset?) |
Wrapper for .bytes_over_time() Usage: .bytesOverTime('5m') |
.absent_over_time(interval, resolution?, offset?) |
Returns an empty vector if the range vector passed to it has any elements and a 1-element vector with the value 1 if the range vector passed to it has no elements Usage: .absent_over_time('5m') |
.absentOverTime(interval, resolution?, offset?) |
Wrapper for .absent_over_time() Usage: .absentOverTime('5m') |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').eq('primary')
.selector('env').eq('dev|test')
.line().re('level=(error|warn)')
.count_over_time('5m')
.build()
// renders
count_over_time(
{app="ecommerce", cluster="primary", env="dev|test"}
|~ `level=(error|warn)` [5m]
)LogQL Formatting Documentation
| Operation | Description |
|---|---|
.unwrap(label) |
Sets the label to unwrap for the aggregation. Unwrapped ranges uses extracted labels as sample values instead of log lines. Usage: .unwrap('response_bytes') |
.unwrap_duration(label) |
Unwraps the label and converts the value from a go duration format to seconds Usage: .unwrap_duration('response_time') |
.unwrapDuration(label) |
Wrapper for .unwrap_duration() Usage: .unwrapDuration('response_time') |
.unwrap_bytes(label) |
Unwraps the label and converts the value from a bytes unit to bytes Usage: .unwrap_bytes('response_size') |
.unwrapBytes(label) |
Wrapper for .unwrap_bytes() Usage: .unwrapBytes('response_size') |
.avg_over_time(interval, resolution?, offset?, by?, without?) |
Calculates the average value of all points in the specified interval. Usage: .avg_over_time('5m') |
.avg_over_time_by(interval, by, resolution?, offset?) |
Wrapper for avg_over_time() Usage: .avg_over_time_by('5m', ['region', 'cluster']) |
.avg_over_time_without(interval, without, resolution?, offset?) |
Wrapper for avg_over_time() Usage: .avg_over_time_without('5m', ['region', 'cluster']) |
.avgOverTime(interval, resolution?, offset?, by?, without?) |
Wrapper for avg_over_time() Usage: .avgOverTime('5m') |
.avgOverTimeBy(interval, by, resolution?, offset?) |
Wrapper for avg_over_time() Usage: .avgOverTimeBy('5m', ['region', 'cluster']) |
.avgOverTimeWithout(interval, without, resolution?, offset?) |
Wrapper for avg_over_time() Usage: .avgOverTimeWithout('5m', ['region', 'cluster']) |
.min_over_time(interval, resolution?, offset?, by?, without?) |
Calculates the minimum value of all points in the specified interval Usage: .min_over_time('5m') |
.min_over_time_by(interval, by, resolution?, offset?) |
Wrapper for min_over_time() Usage: .min_over_time_by('5m', ['region', 'cluster']) |
.min_over_time_without(interval, without, resolution?, offset?) |
Wrapper for min_over_time() Usage: .min_over_time_without('5m', ['region', 'cluster']) |
.minOverTime(interval, resolution?, offset?, by?, without?) |
Wrapper for min_over_time() Usage: .minOverTime('5m') |
.minOverTimeBy(interval, by, resolution?, offset?) |
Wrapper for min_over_time() Usage: .minOverTimeBy('5m', ['region', 'cluster']) |
.minOverTimeWithout(interval, without, resolution?, offset?) |
Wrapper for min_over_time() Usage: .minOverTimeWithout('5m', ['region', 'cluster']) |
.max_over_time(interval, resolution?, offset?, by?, without?) |
Calculates the maximum value of all points in the specified interval. Usage: .max_over_time('5m') |
.max_over_time_by(interval, by, resolution?, offset?) |
Wrapper for max_over_time() Usage: .max_over_time_by('5m', ['region', 'cluster']) |
.max_over_time_without(interval, without, resolution?, offset?) |
Wrapper for max_over_time() Usage: .max_over_time_without('5m', ['region', 'cluster']) |
.maxOverTime(interval, resolution?, offset?, by?, without?) |
Wrapper for max_over_time() Usage: .maxOverTime('5m') |
.maxOverTimeBy(interval, by, resolution?, offset?) |
Wrapper for max_over_time() Usage: .maxOverTimeBy('5m', ['region', 'cluster']) |
.maxOverTimeWithout(interval, without, resolution?, offset?) |
Wrapper for max_over_time() Usage: .maxOverTimeWithout('5m', ['region', 'cluster']) |
.first_over_time(interval, resolution?, offset?, by?, without?) |
Calculates the first value of all points in the specified interval Usage: .first_over_time('5m') |
.first_over_time_by(interval, by, resolution?, offset?) |
Wrapper for first_over_time() Usage: .first_over_time_by('5m', ['region', 'cluster']) |
.first_over_time_without(interval, without, resolution?, offset?) |
Wrapper for first_over_time() Usage: .first_over_time_without('5m', ['region', 'cluster']) |
.firstOverTime(interval, resolution?, offset?, by?, without?) |
Wrapper for first_over_time() Usage: .firstOverTime('5m') |
.firstOverTimeBy(interval, by, resolution?, offset?) |
Wrapper for first_over_time() Usage: .firstOverTimeBy('5m', ['region', 'cluster']) |
.firstOverTimeWithout(interval, without, resolution?, offset?) |
Wrapper for first_over_time() Usage: .firstOverTimeWithout('5m', ['region', 'cluster']) |
.last_over_time(interval, resolution?, offset?, by?, without?) |
Calculates the last value of all points in the specified interval Usage: .last_over_time('5m') |
.last_over_time_by(interval, by, resolution?, offset?) |
Wrapper for last_over_time() Usage: .last_over_time_by('5m', ['region', 'cluster']) |
.last_over_time_without(interval, without, resolution?, offset?) |
Wrapper for last_over_time() Usage: .last_over_time_without('5m', ['region', 'cluster']) |
.lastOverTime(interval, resolution?, offset?, by?, without?) |
Wrapper for last_over_time() Usage: .lastOverTime('5m') |
.lastOverTimeBy(interval, by, resolution?, offset?) |
Wrapper for last_over_time() Usage: .lastOverTimeBy('5m', ['region', 'cluster']) |
.lastOverTimeWithout(interval, without, resolution?, offset?) |
Wrapper for last_over_time() Usage: .lastOverTimeWithout('5m', ['region', 'cluster']) |
.rate_counter(interval, resolution?, offset?) |
Calculates per second rate of the values in the specified interval and treating them as "counter metric" Usage: .rate_counter('5m') |
.rateCounter(interval, resolution?, offset?) |
c Usage: .rate_counter('5m') |
.stdvar_over_time(interval, resolution?, offset?, by?, without?) |
Calculates the population standard variance of the values in the specified interval. Usage: .stdvar_over_time('5m', ['region', 'cluster']) |
Wrapper for stdvar_over_time() |
|
.stdvar_over_time_without(interval, without, resolution?, offset?) |
Wrapper for stdvar_over_time() Usage: .stdvar_over_time_without('5m', ['region', 'cluster']) |
.stdvarOverTime(interval, resolution?, offset?, by?, without?) |
Wrapper for stdvar_over_time() Usage: .stdvarOverTime('5m') |
.stdvarOverTimeBy(interval, by, resolution?, offset?) |
Wrapper for stdvar_over_time() Usage: .stdvarOverTimeBy('5m', ['region', 'cluster']) |
.stdvarOverTimeWithout(interval, without, resolution?, offset?) |
Wrapper for stdvar_over_time() Usage: .stdvarOverTimeWithout('5m', ['region', 'cluster']) |
.stddev_over_time(interval, resolution?, offset?, by?, without?) |
Calculates the population standard deviation of the values in the specified interval. Usage: .stddev_over_time('5m') |
.stddev_over_time_by(interval, by, resolution?, offset?) |
Wrapper for stddev_over_time() Usage: .stddev_over_time_by('5m', ['region', 'cluster']) |
.stddev_over_time_without(interval, without, resolution?, offset?) |
Wrapper for stddev_over_time() Usage: .stddev_over_time_without('5m', ['region', 'cluster']) |
.stddevOverTime(interval, resolution?, offset?, by?, without?) |
Wrapper for stddev_over_time() Usage: .stddevOverTime('5m') |
.stddevOverTimeBy(interval, by, resolution?, offset?) |
Wrapper for stddev_over_time() Usage: .stddevOverTimeBy('5m', ['region', 'cluster']) |
.stddevOverTimeWithout(interval, without, resolution?, offset?) |
Wrapper for stddev_over_time() Usage: .stddevOverTimeWithout('5m', ['region', 'cluster']) |
.quantile_over_time(quantile, interval, resolution?, offset?, by?, without?) |
Calculates the φ-quantile (0 ≤ φ ≤ 1) of the values in the specified interval. Usage: .quantile_over_time('0.95', '5m') |
.quantile_over_time_by(quantile, interval, by, resolution?, offset?) |
Wrapper for quantile_over_time() Usage: .quantile_over_time_by('0.95', '5m', ['region', 'cluster']) |
.quantile_over_time_without(quantile, interval, without, resolution?, offset?) |
Wrapper for quantile_over_time() Usage: .quantile_over_time_without('0.95', '5m', ['region', 'cluster']) |
.quantileOverTime(quantile, interval, resolution?, offset?, by?, without?) |
Wrapper for quantile_over_time() Usage: .quantileOverTime('0.95', '5m') |
.quantileOverTimeBy(quantile, interval, by, resolution?, offset?) |
Wrapper for quantile_over_time() Usage: .quantileOverTimeBy('0.95', '5m', ['region', 'cluster']) |
.quantileOverTimeWithout(quantile, interval, without, resolution?, offset?) |
Wrapper for quantile_over_time() Usage: .quantileOverTimeWithout('0.95', '5m', ['region', 'cluster']) |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').eq('primary')
.selector('env').eq('dev|test')
.line().re('level=(error|warn)')
.count_over_time('5m')
.build()
// renders
avg_over_time(
{app="ecommerce", cluster="primary", region="us-east-1"}
|= `error`
| logfmt
| unwrap bytes(response_size) [1h:5m]
) by (cluster, region)LogQL Formatting Documentation
| Operation | Description |
|---|---|
.sum(by?, without?) |
Calculate sum over labels Usage: .sum() |
.sum_by(by) |
Wrapper for sum(by=[]) Usage: .sumBy(['cluster', 'region']) |
.sumBy(by) |
Wrapper for sum(by=[]) Usage: .sumBy(['cluster', 'region']) |
.sum_without(without) |
Wrapper for sum(without=[]) Usage: .sumWithout(['cluster', 'region') |
.sumWithout(without) |
Wrapper for sum(without=[]) Usage: .sumWithout(['cluster', 'region') |
.avg(by?, without?) |
Calculate the average over labels Usage: .avg() |
.avg_by(by) |
Wrapper for avg(by=[]) Usage: .avgBy(['cluster', 'region') |
.avgBy(by) |
Wrapper for avg(by=[]) Usage: .avgBy(['cluster', 'region') |
.avg_without(without) |
Wrapper for avg(without=[]) Usage: .avgWithout(['cluster', 'region') |
.avgWithout(without) |
Wrapper for avg(without=[]) Usage: .avgWithout(['cluster', 'region') |
.min(by?, without?) |
Select minimum over labels Usage: .min() |
.min_by(by) |
Wrapper for min(by=[]) Usage: .minBy(['cluster', 'region') |
.minBy(by) |
Wrapper for min(by=[]) Usage: .minBy(['cluster', 'region') |
.min_without(without) |
Wrapper for min(without=[]) Usage: .minWithout(['cluster', 'region') |
.minWithout(without) |
Wrapper for min(without=[]) Usage: .minWithout(['cluster', 'region') |
.max(by?, without?) |
Select maximum over labels Usage: .max() |
.max_by(by) |
Wrapper for max(by=[]) Usage: .maxBy(['cluster', 'region') |
.maxBy(by) |
Wrapper for max(by=[]) Usage: .maxBy(['cluster', 'region') |
.max_without(without) |
Wrapper for max(without=[]) Usage: .maxWithout(['cluster', 'region') |
.maxWithout(without) |
Wrapper for max(without=[]) Usage: .maxWithout(['cluster', 'region') |
.stddev(by?, without?) |
Calculate the population standard deviation over labels Usage: .stddev() |
.stddev_by(by) |
Wrapper for stddev(by=[]) Usage: .stddevBy(['cluster', 'region') |
.stddevBy(by) |
Wrapper for stddev(by=[]) Usage: .stddevBy(['cluster', 'region') |
.stddev_without(without) |
Wrapper for stddev(without=[]) Usage: .stddevWithout(['cluster', 'region') |
.stddevWithout(without) |
Wrapper for stddev(without=[]) Usage: .stddevWithout(['cluster', 'region') |
.stdvar(by?, without?) |
Calculate the population standard variance over labels Usage: .stdvar() |
.stdvar_by(by) |
Wrapper for stdvar(by=[]) Usage: .stdvarBy(['cluster', 'region') |
.stdvarBy(by) |
Wrapper for stdvar(by=[]) Usage: .stdvarBy(['cluster', 'region') |
.stdvar_without(without) |
Wrapper for stdvar(without=[]) Usage: .stdvarWithout(['cluster', 'region') |
.stdvarWithout(without) |
Wrapper for stdvar(without=[]) Usage: .stdvarWithout(['cluster', 'region') |
.count(by?, without?) |
Count number of elements in the vector Usage: .count() |
.count_by(by) |
Wrapper for count(by=[]) Usage: .countBy(['cluster', 'region') |
.countBy(by) |
Wrapper for count(by=[]) Usage: .countBy(['cluster', 'region') |
.count_without(without) |
Wrapper for count(without=[]) Usage: .countWithout(['cluster', 'region') |
.countWithout(without) |
Wrapper for count(without=[]) Usage: .countWithout(['cluster', 'region') |
.topk(k, by?, without?) |
Select largest k elements by sample value Usage: .topk(10) |
.topk_by(k, by) |
Wrapper for .topk(k, by=[]) Usage: .topk_by(10, ['region']) |
.topkBy(k, by) |
Wrapper for .topk(k, by=[]) Usage: .topkBy(10, ['region']) |
.topk_without(k, without) |
Wrapper for .topk(k, without=[]) Usage: .topk_without(10, ['region']) |
.topkWithout(k, without) |
Wrapper for .topk(k, without=[]) Usage: .topkWithout(10, ['region']) |
.bottomk(k, by?, without?) |
Select smallest k elements by sample value Usage: .bottomk(10) |
.bottomk_by(k, by) |
Wrapper for .bottomk(k, by=[]) Usage: .bottomk_by(10, ['region']) |
.bottomkBy(k, by) |
Wrapper for .bottomk(k, by=[]) Usage: .bottomkBy(10, ['region']) |
.bottomk_without(k, without) |
Wrapper for .bottomk(k, without=[]) Usage: .bottomk_without(10, ['region']) |
.bottomkWithout(k, without) |
Wrapper for .bottomk(k, without=[]) Usage: .bottomkWithout(10, ['region']) |
.sort(by?, without?) |
returns vector elements sorted by their sample values, in ascending order. Usage: .sort() |
.sort_by(by) |
Wrapper for .sort(by=[]) Usage: .sort_by(['region', 'cluster']) |
.sortBy(by) |
Wrapper for .sort(by=[]) Usage: .sortBy(['region', 'cluster']) |
.sort_without(without) |
.sort(without=[]) Usage: .sort_without(['region', 'cluster']) |
.sortWithout(without) |
.sort(without=[]) Usage: .sortWithout(['region', 'cluster']) |
.sort_desc(by?, without?) |
Same as sort, but sorts in descending order. Usage: .sort_desc() |
.sortDesc(by?, without?) |
Wrapper for .sort_desc() Usage: .sortDesc() |
.sort_desc_by(by) |
Wrapper for .sort_desc(by=[]) Usage: .sort_desc_by(['region', 'cluster']) |
.sortDescBy(by) |
Wrapper for .sort_desc(by=[]) Usage: sortDescBy(['region', 'cluster']) |
.sort_desc_without(without) |
Wrapper for .sort_desc(without=[]) Usage: .sort_desc_without(['region', 'cluster']) |
.sortDescWithout(without) |
Wrapper for .sort_desc(without=[]) Usage: .sortDescWithout(['region', 'cluster']) |
logql.new()
.selector('app').eq('ecommerce')
.selector('cluster').eq('primary')
.selector('env').eq('dev|test')
.line().re('level=(error|warn)')
.count_over_time('5m')
.build()
// renders
sort_desc(
sum by (region, cluster) (
count_over_time(
{app="ecommerce", cluster="primary", region="us-east-1"} |= `error` [1m]
)
)
)