LogCLI, Grafana Loki's command-line interface

LogCLI is the command-line interface to Grafana Loki. It facilitates running LogQL queries against a Loki instance.

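Installation

Download the logcli binary from the Loki releases page.

Build LogCLI from source

Clone the Loki repository and build logcli from source:

    git clone https://github.com/grafana/loki.git
    cd loki
    make logcli

Optionally, move the binary into a directory that is part of your $PATH:

    cp cmd/logcli/logcli /usr/local/bin/logcli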

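Set up command completion

You can set up tab-completion for logcli with one of two options, depending on your shell:

  • For bash, add this to your ~/.bashrc file:

    eval "$(logcli --completion-script-bash)"
  • For zsh, add this to your ~/.zshrc file:

    eval "$(logcli --completion-script-zsh)"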

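LogCLI usage

Grafana Cloud example

If you are running on Grafana Cloud, use:

    export LOKI_ADDR=https://logs-us-west1.grafana.net
    export LOKI_USERNAME=<username>
    export LOKI_PASSWORD=<password>

Otherwise, you can point LogCLI directly at a local instance without needing a username and password:

    export LOKI_ADDR=http://localhost:3100

Note: If you are running Loki behind a proxy server and you have authentication configured, you must also pass LOKI_USERNAME and LOKI_PASSWORD, LOKI_BEARER_TOKEN, or LOKI_BEARER_TOKEN_FILE accordingly.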
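A preflight check for the environment variables described above, as an added example that is not part of LogCLI or the Loki project. The function name logcli_preflight is hypothetical, and the policy it enforces (https for any non-local LOKI_ADDR, an owner-only token file) is an assumption about what a careful operator would want.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of LogCLI): check the LOKI_*
# environment before running logcli. Returns 0 if clean, 1 otherwise;
# findings are written to stderr.
logcli_preflight() {
  rc=0
  addr=${LOKI_ADDR:-http://localhost:3100}   # default --addr from logcli help

  # Passwords, bearer tokens and log data are only protected in transit by TLS.
  case "$addr" in
    https://*) ;;
    http://localhost|http://localhost[/:]*) ;;
    http://127.0.0.1|http://127.0.0.1[/:]*) ;;
    *) echo "LOKI_ADDR=$addr is not https; credentials and logs would cross the network unencrypted" >&2
       rc=1 ;;
  esac

  # HTTP basic auth needs both halves.
  if [ -n "${LOKI_USERNAME:-}" ] && [ -z "${LOKI_PASSWORD:-}" ]; then
    echo "LOKI_USERNAME is set but LOKI_PASSWORD is empty" >&2
    rc=1
  fi

  # A token file should be accessible by its owner only.
  if [ -n "${LOKI_BEARER_TOKEN_FILE:-}" ]; then
    f=$LOKI_BEARER_TOKEN_FILE
    if [ ! -r "$f" ]; then
      echo "cannot read LOKI_BEARER_TOKEN_FILE=$f" >&2
      rc=1
    else
      # GNU stat first, BSD/macOS stat as fallback; both print octal mode bits.
      mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
      case "$mode" in
        0|*00) ;;                       # no group/other permission bits
        *) echo "$f has mode $mode; run: chmod 600 $f" >&2
           rc=1 ;;
      esac
    fi
  fi
  return "$rc"
}

# Usage: logcli_preflight && logcli query '{job="loki-ops/consul"}'
```

Setting the password through LOKI_PASSWORD rather than --password also keeps it out of the process argument list and shell history.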

    $ logcli labels job
    https://logs-dev-ops-tools1.grafana.net/api/prom/label/job/values
    loki-ops/consul
    loki-ops/loki-gw
    ...

    $ logcli query '{job="loki-ops/consul"}'
    https://logs-dev-ops-tools1.grafana.net/api/prom/query?query=%7Bjob%3D%22loki-ops%2Fconsul%22%7D&limit=30&start=1529928228&end=1529928228&direction=backward&regexp=
    Common labels: {job="loki-ops/consul", namespace="loki-ops"}
    2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Snapshot to 475409 complete
    2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Compacting logs from 456973 to 465169
    ...

    $ logcli series -q --match='{namespace="loki",container_name="loki"}'
    {app="loki", container_name="loki", controller_revision_hash="loki-57c9df47f4", filename="/var/log/pods/loki_loki-0_8ed03ded-bacb-4b13-a6fe-53a445a15887/loki/0.log", instance="loki-0", job="loki/loki", name="loki", namespace="loki", release="loki", statefulset_kubernetes_io_pod_name="loki-0", stream="stderr"}

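Batched queries

LogCLI sends queries to Loki such that query results arrive in batches.

The --limit option for a logcli query command caps the quantity of log lines for a single query. When not set, --limit defaults to 30. The limit protects the user from overwhelming the system in cases where the specified query would return a large quantity of log lines. The limit also protects the user from unexpectedly large responses.

The quantity of log line results that arrive in each batch is set by the --batch option in a logcli query command. When not set, --batch defaults to 1000.

Setting a --limit value larger than the --batch value causes the requests from LogCLI to Loki to be batched. Loki has a server-side limit, which defaults to 5000, on the maximum quantity of lines returned for a single query. Batching requests allows you to query for a result set that is larger than the server-side limit, as long as the --batch value is less than the server limit.

Query metadata is output to stderr for each batch. Set the --quiet option on the logcli query command line to suppress the output of the query metadata.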

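Configuration

Configuration values are considered in the following order (lowest to highest):

  • Environment variables
  • Command-line options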

LogCLI command reference

The output of logcli help:

    usage: logcli [<flags>] <command> [<args> ...]

    A command-line for loki.

    Flags:
          --help             Show context-sensitive help (also try --help-long and --help-man).
          --version          Show application version.
      -q, --quiet            Suppress query metadata
          --stats            Show query statistics
      -o, --output=default   Specify output mode [default, raw, jsonl]. raw suppresses log labels and timestamp.
      -z, --timezone=Local   Specify the timezone to use when formatting output timestamps [Local, UTC]
          --cpuprofile=""    Specify the location for writing a CPU profile.
          --memprofile=""    Specify the location for writing a memory profile.
          --stdin            Take input logs from stdin
          --addr="http://localhost:3100"  Server address. Can also be set using LOKI_ADDR env var.
          --username=""      Username for HTTP basic auth. Can also be set using LOKI_USERNAME env var.
          --password=""      Password for HTTP basic auth. Can also be set using LOKI_PASSWORD env var.
          --ca-cert=""       Path to the server Certificate Authority. Can also be set using LOKI_CA_CERT_PATH env var.
          --tls-skip-verify  Server certificate TLS skip verify.
          --cert=""          Path to the client certificate. Can also be set using LOKI_CLIENT_CERT_PATH env var.
          --key=""           Path to the client certificate key. Can also be set using LOKI_CLIENT_KEY_PATH env var.
          --org-id=""        adds X-Scope-OrgID to API requests for representing tenant ID. Useful for requesting tenant data when bypassing an auth gateway.

    Commands:
      help [...]
        Show help.

      query []
        Run a LogQL query.

        The "query" command is useful for querying for logs. Logs can be returned in a few output modes:

          raw: log line
          default: log timestamp + log labels + log line
          jsonl: JSON response from Loki API of log line

        The output of the log can be specified with the "-o" flag, for example, "-o raw" for the raw output format.

        The "query" command will output extra information about the query and its results, such as the API URL, set of common labels, and set of excluded labels. This extra information can be suppressed with the --quiet flag.

        By default we look over the last hour of data; use --since to modify or provide specific start and end times with --from and --to respectively.

        Notice that when using --from and --to then ensure to use RFC3339Nano time format, but without timezone at the end. The local timezone will be added automatically or if using --timezone flag.

        Example:

          logcli query --timezone=UTC --from="2021-01-19T10:00:00Z" --to="2021-01-19T20:00:00Z" --output=jsonl 'my-query'

        The output is limited to 30 entries by default; use --limit to increase.

        While "query" does support metrics queries, its output contains multiple data points between the start and end query time. This output is used to build graphs, similar to what is seen in the Grafana Explore graph view. If you are querying metrics and just want the most recent data point (like what is seen in the Grafana Explore table view), then you should use the "instant-query" command instead.

      instant-query []
        Run an instant LogQL query.

        The "instant-query" command is useful for evaluating a metric query for a single point in time. This is equivalent to the Grafana Explore table view; if you want a metrics query that is used to build a Grafana graph, you should use the "query" command instead.

        This command does not produce useful output when querying for log lines; you should always use the "query" command when you are running log queries.

        For more information about log queries and metric queries, refer to the LogQL documentation:

        //www.tubolov.com/docs/loki/latest/logql/

      labels [] [

LogCLI query command reference

The output of logcli help query:

    usage: logcli query [<flags>] <query>

    Run a LogQL query.

    The "query" command is useful for querying for logs. Logs can be returned in a few output modes:

      raw: log line
      default: log timestamp + log labels + log line
      jsonl: JSON response from Loki API of log line

    The output of the log can be specified with the "-o" flag, for example, "-o raw" for the raw output format.

    The "query" command will output extra information about the query and its results, such as the API URL, set of common labels, and set of excluded labels. This extra information can be suppressed with the --quiet flag.

    By default we look over the last hour of data; use --since to modify or provide specific start and end times with --from and --to respectively.

    Notice that when using --from and --to then ensure to use RFC3339Nano time format, but without timezone at the end. The local timezone will be added automatically or if using --timezone flag.

    Example:

      logcli query --timezone=UTC --from="2021-01-19T10:00:00Z" --to="2021-01-19T20:00:00Z" --output=jsonl 'my-query'

    The output is limited to 30 entries by default; use --limit to increase.

    While "query" does support metrics queries, its output contains multiple data points between the start and end query time. This output is used to build graphs, similar to what is seen in the Grafana Explore graph view. If you are querying metrics and just want the most recent data point (like what is seen in the Grafana Explore table view), then you should use the "instant-query" command instead.

    Flags:
          --help             Show context-sensitive help (also try --help-long and --help-man).
          --version          Show application version.
      -q, --quiet            Suppress query metadata
          --stats            Show query statistics
      -o, --output=default   Specify output mode [default, raw, jsonl]. raw suppresses log labels and timestamp.
      -z, --timezone=Local   Specify the timezone to use when formatting output timestamps [Local, UTC]
          --cpuprofile=""    Specify the location for writing a CPU profile.
          --memprofile=""    Specify the location for writing a memory profile.
          --stdin            Take input logs from stdin
          --addr="http://localhost:3100"  Server address. Can also be set using LOKI_ADDR env var.
          --username=""      Username for HTTP basic auth. Can also be set using LOKI_USERNAME env var.
          --password=""      Password for HTTP basic auth. Can also be set using LOKI_PASSWORD env var.
          --ca-cert=""       Path to the server Certificate Authority. Can also be set using LOKI_CA_CERT_PATH env var.
          --tls-skip-verify  Server certificate TLS skip verify.
          --cert=""          Path to the client certificate. Can also be set using LOKI_CLIENT_CERT_PATH env var.
          --key=""           Path to the client certificate key. Can also be set using LOKI_CLIENT_KEY_PATH env var.
          --org-id=""        adds X-Scope-OrgID to API requests for representing tenant ID. Useful for requesting tenant data when bypassing an auth gateway.
          --limit=30         Limit on number of entries to print.
          --since=1h         Lookback window.
          --from=FROM        Start looking for logs at this absolute time (inclusive)
          --to=TO            Stop looking for logs at this absolute time (exclusive)
          --step=STEP        Query resolution step width, for metric queries. Evaluate the query at the specified step over the time range.
          --interval=INTERVAL  Query interval, for log queries. Return entries at the specified interval, ignoring those between. **This parameter is experimental, please see Issue 1779**
          --batch=1000       Query batch size to use until 'limit' is reached
          --forward          Scan forwards through logs.
          --no-labels        Do not print any labels
          --exclude-label=EXCLUDE-LABEL ...  Exclude labels given the provided key during output.
          --include-label=INCLUDE-LABEL ...  Include labels given the provided key during output.
          --labels-length=0  Set a fixed padding to labels
          --store-config=""  Execute the current query using a configured storage from a given Loki configuration file.
          --remote-schema    Execute the current query using a remote schema retrieved using the configured storage in the given Loki configuration file.
          --colored-output   Show output with colored labels
      -t, --tail             Tail the logs
      -f, --follow           Alias for --tail
          --delay-for=0      Delay in tailing by number of seconds to accumulate logs for re-ordering

    Args:
       eg '{foo="bar",baz=~".*blip"} |~ ".*error.*"'

LogCLI labels command reference

The output of logcli help labels:

    usage: logcli labels [<flags>] [<label>]

    Find values for a given label.

    Flags:
          --help             Show context-sensitive help (also try --help-long and --help-man).
          --version          Show application version.
      -q, --quiet            Suppress query metadata
          --stats            Show query statistics
      -o, --output=default   Specify output mode [default, raw, jsonl]. raw suppresses log labels and timestamp.
      -z, --timezone=Local   Specify the timezone to use when formatting output timestamps [Local, UTC]
          --cpuprofile=""    Specify the location for writing a CPU profile.
          --memprofile=""    Specify the location for writing a memory profile.
          --stdin            Take input logs from stdin
          --addr="http://localhost:3100"  Server address. Can also be set using LOKI_ADDR env var.
          --username=""      Username for HTTP basic auth. Can also be set using LOKI_USERNAME env var.
          --password=""      Password for HTTP basic auth. Can also be set using LOKI_PASSWORD env var.
          --ca-cert=""       Path to the server Certificate Authority. Can also be set using LOKI_CA_CERT_PATH env var.
          --tls-skip-verify  Server certificate TLS skip verify.
          --cert=""          Path to the client certificate. Can also be set using LOKI_CLIENT_CERT_PATH env var.
          --key=""           Path to the client certificate key. Can also be set using LOKI_CLIENT_KEY_PATH env var.
          --org-id=""        adds X-Scope-OrgID to API requests for representing tenant ID. Useful for requesting tenant data when bypassing an auth gateway.
          --since=1h         Lookback window.
          --from=FROM        Start looking for labels at this absolute time (inclusive)
          --to=TO            Stop looking for labels at this absolute time (exclusive)

    Args:
      [

LogCLI series command reference

The output of logcli help series:

    usage: logcli series [<flags>] <matcher>

    Run series query.

    The "series" command will take the provided label matcher and return all the log streams found in the time window.

    It is possible to send an empty label matcher '{}' to return all streams.

    Use the --analyze-labels flag to get a summary of the labels found in all streams. This is helpful to find high cardinality labels.

    Flags:
          --help             Show context-sensitive help (also try --help-long and --help-man).
          --version          Show application version.
      -q, --quiet            Suppress query metadata
          --stats            Show query statistics
      -o, --output=default   Specify output mode [default, raw, jsonl]. raw suppresses log labels and timestamp.
      -z, --timezone=Local   Specify the timezone to use when formatting output timestamps [Local, UTC]
          --cpuprofile=""    Specify the location for writing a CPU profile.
          --memprofile=""    Specify the location for writing a memory profile.
          --stdin            Take input logs from stdin
          --addr="http://localhost:3100"  Server address. Can also be set using LOKI_ADDR env var.
          --username=""      Username for HTTP basic auth. Can also be set using LOKI_USERNAME env var.
          --password=""      Password for HTTP basic auth. Can also be set using LOKI_PASSWORD env var.
          --ca-cert=""       Path to the server Certificate Authority. Can also be set using LOKI_CA_CERT_PATH env var.
          --tls-skip-verify  Server certificate TLS skip verify.
          --cert=""          Path to the client certificate. Can also be set using LOKI_CLIENT_CERT_PATH env var.
          --key=""           Path to the client certificate key. Can also be set using LOKI_CLIENT_KEY_PATH env var.
          --org-id=""        adds X-Scope-OrgID to API requests for representing tenant ID. Useful for requesting tenant data when bypassing an auth gateway.
          --since=1h         Lookback window.
          --from=FROM        Start looking for logs at this absolute time (inclusive)
          --to=TO            Stop looking for logs at this absolute time (exclusive)
          --analyze-labels   Printout a summary of labels including count of label value combinations, useful for debugging high cardinality series

    Args:
       eg '{foo="bar",baz=~".*blip"}'

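LogCLI --stdin usage

You can consume log lines from your stdin instead of from Loki servers.

Say you have log files on your local machine and just want to run some LogQL queries against them; the --stdin flag can help.

Note: Currently it doesn't support any type of metric queries.

You may want to use the --stdin flag for several reasons:

  1. Quickly check and validate a LogQL expression.
  2. Learn the basics of LogQL with just log files and the LogCLI tool (without needing to set up Loki servers, Grafana, and so on).
  3. Easy discussion on public forums, such as Q&A and sharing LogQL expressions.

Notes on usage

  1. The --limit flag doesn't have any meaning when using --stdin (use a pager for that).
  2. Be aware that there are no labels when using --stdin.
    • So the stream selector in the query is optional, e.g. just |="timeout"|logfmt|level="error" is the same as {foo="bar"}|="timeout"|logfmt|level="error"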

Examples

  1. Line filter: cat mylog.log | logcli --stdin query '|="too many open connections"'
  2. Label matcher: echo 'msg="timeout happened" level="warning"' | logcli --stdin query '|logfmt|level="warning"'
  3. Different parsers (logfmt, json, pattern, regexp): cat mylog.log | logcli --stdin query '|pattern `<ip> - - <_> "<method> <uri> <_>" <status> <size> <_> <agent> <_>`'
  4. Line formatters: cat mylog.log | logcli --stdin query '|logfmt|line_format "{{.query}} {{.duration}}"'