Menu
Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.
Open source
Query examples
Some useful query examples here.
Log Query examples
Examples that filter on IP address
Return log lines that are not within a range of IPv4 addresses:
{job_name="myapp"} != ip("192.168.4.5-192.168.4.20")This example matches log lines with all IPv4 subnet values
192.168.4.5/16except IP address192.168.4.2:{job_name="myapp"} | logfmt | addr = ip("192.168.4.5/16") | addr != ip("192.168.4.2")
Examples that aid in security evaluation
Extract the user and IP address of failed logins from Linux
/var/log/secure{job="security"} |~ "Invalid user.*" | regexp "(^(?P<user>\\S+ {1,2}){8})" | regexp "(^(?P<ip>\\S+ {1,2}){10})" | line_format "IP = {{.ip}}\tUSER = {{.user}}"Get successful logins from Linux
/var/log/secure{job="security"} != "grafana_com" |= "session opened" != "sudo: " |regexp "(^(?P<user>\\S+ {1,2}){11})" | line_format "USER = {{.user}}"
Metrics Query examples
Return the per-second rate of all non-timeout errors within the last minutes per host for the MySQL job, and only include errors whose duration is above ten seconds.
sum by (host) (rate({job="mysql"} |= "error" != "timeout" | json | duration > 10s [1m]))
Was this page helpful?
Related resources from Grafana Labs
Getting started with logging and Grafana Loki
See a demo of the updated features in Loki, and how to create metrics from logs and alert on your logs with powerful Prometheus-style alerting rules.
Essential Grafana Loki configuration settings
This webinar focuses on Grafana Loki configuration including agents Promtail and Docker; the Loki server; and Loki storage for popular backends.
Scaling and securing your logs with Grafana Loki
This webinar covers the challenges of scaling and securing logs, and how Grafana Enterprise Logs powered by Grafana Loki can help, cost-effectively.