菜单
开源
LogCLI 入门指南
logcli 是一个 Loki 的命令行客户端,允许您对 Loki 实例运行 LogQL 查询。`query` 命令将输出有关查询及其结果的额外信息,例如 API URL、通用标签集合以及排除的标签集合。
这很有用,例如,如果您想从 Loki 下载某个范围的日志。或者想执行分析管理任务,例如发现日志流的数量以了解您的标签基数,或查找查询将搜索的数据的估计量。您也可以将 logcli 作为 shell 脚本的一部分使用。
如果您是 Grafana Cloud 用户,您还可以使用 logcli 查询通过 Cloud Logs Export 导出到长期存储的日志,或任何其他 Loki 格式的日志数据。
注意
请注意,logcli 是一个查询工具,不能用于摄取日志。
安装 logcli
最佳实践是,您应该下载与 Loki 版本匹配的 logcli 版本。并在升级 Loki 版本时升级 logcli。
二进制文件(推荐)
从Loki 发布页面下载 `logcli` 二进制文件。
提供适用于 Linux、Mac 和 Windows 的构建版本。
从源码构建 LogCLI
克隆 Loki 仓库并从源码构建 `logcli`
git clone https://github.com/grafana/loki.git
cd loki
make logcli(可选)将二进制文件移动到 `$PATH` 中的目录。
cp cmd/logcli/logcli /usr/local/bin/logcli设置命令补全
根据您的 shell 类型,您可以使用以下两种选项之一设置 `logcli` 的 Tab 补全
- 对于 bash,将此内容添加到您的 `~/.bashrc` 文件
eval "$(logcli --completion-script-bash)"- 对于 zsh,将此内容添加到您的 `~/.zshrc` 文件
eval "$(logcli --completion-script-zsh)"LogCLI 用法
安装 logcli 后,您可以使用以下方式运行它
logcli <命令> [<标志>, <参数> ...]
`<命令>` 指向其中一个命令,详情请参阅下面的命令参考。
`<标志>` 是每个命令可用的子命令之一。
`<参数>` 是一个以空格分隔的参数列表。参数可以选择使用环境变量覆盖。环境变量将始终优先于命令行参数。
对 Loki 进行认证
要连接到 Loki 实例,设置以下参数
- `--addr=http://loki.example.com:3100` 或 `LOKI_ADDR` 环境变量
例如,直接查询本地 Loki 实例而无需用户名和密码
export LOKI_ADDR=https://:3100
logcli query '{service_name="website"}'要连接需要认证的 Loki 实例,您还需要设置以下参数
- `--username` 或 `LOKI_USERNAME` 环境变量
- `--password` 或 `LOKI_PASSWORD` 环境变量
例如,查询 Grafana Cloud
export LOKI_ADDR=https://logs-us-west1.grafana.net
export LOKI_USERNAME=<username>
export LOKI_PASSWORD=<password>
logcli query '{service_name="website"}'要指定特定租户,设置以下参数
- `--org-id` 或 `LOKI_ORG_ID` 环境变量
注意
如果您在代理服务器后面运行 Loki 并配置了认证,您还需要相应地传入 LOKI_USERNAME 和 LOKI_PASSWORD、LOKI_BEARER_TOKEN 或 LOKI_BEARER_TOKEN_FILE。
LogCLI 命令参考
`logcli help` 的输出
usage: logcli [<flags>] <command> [<args> ...]
A command-line for loki.
Flags:
--[no-]help Show context-sensitive help (also try --help-long
and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting output
timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE env
var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API requests for
authentication purposes. Can also be set using
LOKI_BEARER_TOKEN env var. ($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg HTTP_PROXY
($LOKI_ENV_PROXY)
Commands:
help [<command>...]
Show help.
query [<flags>] <query>
Run a LogQL query.
The "query" command is useful for querying for logs. Logs can be returned in
a few output modes:
raw: log line
default: log timestamp + log labels + log line
jsonl: JSON response from Loki API of log line
The output of the log can be specified with the "-o" flag, for example,
"-o raw" for the raw output format.
The "query" command will output extra information about the query and its
results, such as the API URL, set of common labels, and set of excluded
labels. This extra information can be suppressed with the --quiet flag.
By default we look over the last hour of data; use --since to modify or
provide specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag. In default output mode the
--output-timestamp-format flag can be used to modify the output timestamp.
Example:
logcli query
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output=jsonl
'my-query'
Example with --output-timestamp-format:
logcli query
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output-timestamp-format=rfc3339nano
'my-query'
The output is limited to 30 entries by default; use --limit to increase.
While "query" does support metrics queries, its output contains multiple
data points between the start and end query time. This output is used to
build graphs, similar to what is seen in the Grafana Explore graph view.
If you are querying metrics and just want the most recent data point (like
what is seen in the Grafana Explore table view), then you should use the
"instant-query" command instead.
Parallelization:
You can download an unlimited number of logs in parallel, there are a few
flags which control this behaviour:
--parallel-duration
--parallel-max-workers
--part-path-prefix
--overwrite-completed-parts
--merge-parts
--keep-parts
Refer to the help for each flag for details about what each of them do.
Example:
logcli query
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output=jsonl
--parallel-duration="15m"
--parallel-max-workers="4"
--part-path-prefix="/tmp/my_query"
--merge-parts
'my-query'
This example will create a queue of jobs to execute, each being 15 minutes
in duration. In this case, that means, for the 10-hour total duration,
there will be forty 15-minute jobs. The --limit flag is ignored.
It will start four workers, and they will each take a job to work on from
the queue until all the jobs have been completed.
Each job will save a "part" file to the location specified by the
--part-path-prefix. Different prefixes can be used to run multiple queries
at the same time. The timestamp of the start and end of the part is in
the file name. While the part is being downloaded, the filename will
end in ".part", when it is complete, the file will be renamed to remove
this ".part" extension. By default, if a completed part file is found,
that part will not be downloaded again. This can be overridden with the
--overwrite-completed-parts flag.
Part file example using the previous command, adding --keep-parts so they
are not deleted:
Since we don't have the --forward flag, the parts will be downloaded in
reverse. Two of the workers have finished their jobs (last two files),
and have picked up the next jobs in the queue. Running ls, this is what we
should expect to see.
$ ls -1 /tmp/my_query*
/tmp/my_query_20210119T183000_20210119T184500.part.tmp
/tmp/my_query_20210119T184500_20210119T190000.part.tmp
/tmp/my_query_20210119T190000_20210119T191500.part.tmp
/tmp/my_query_20210119T191500_20210119T193000.part.tmp
/tmp/my_query_20210119T193000_20210119T194500.part
/tmp/my_query_20210119T194500_20210119T200000.part
If you do not specify the --merge-parts flag, the part files will be
downloaded, and logcli will exit, and you can process the files as you wish.
With the flag specified, the part files will be read in order, and the
output printed to the terminal. The lines will be printed as soon as the
next part is complete, you don't have to wait for all the parts to download
before getting output. The --merge-parts flag will remove the part files
when it is done reading each of them. To change this, you can use the
--keep-parts flag, and the part files will not be removed.
instant-query [<flags>] <query>
Run an instant LogQL query.
The "instant-query" command is useful for evaluating a metric query for a
single point in time. This is equivalent to the Grafana Explore table view;
if you want a metrics query that is used to build a Grafana graph, you
should use the "query" command instead.
This command does not produce useful output when querying for log lines;
you should always use the "query" command when you are running log queries.
For more information about log queries and metric queries, refer to the
LogQL documentation:
https://grafana.org.cn/docs/loki/latest/logql/
labels [<flags>] [<label>]
Find values for a given label.
series [<flags>] <matcher>
Run series query.
The "series" command will take the provided label matcher and return all the
log streams found in the time window.
It is possible to send an empty label matcher '{}' to return all streams.
Use the --analyze-labels flag to get a summary of the labels found in all
streams. This is helpful to find high cardinality labels.
fmt
Formats a LogQL query.
stats [<flags>] <query>
Run a stats query.
The "stats" command will take the provided query and return statistics
from the index on how much data is contained in the matching stream(s).
This only works against Loki instances using the TSDB index format.
By default we look over the last hour of data; use --since to modify or
provide specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli stats
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
'my-query'
volume [<flags>] <query>
Run a volume query.
The "volume" command will take the provided label selector(s) and return
aggregate volumes for series matching those volumes. This only works against
Loki instances using the TSDB index format.
By default we look over the last hour of data; use --since to modify or
provide specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli volume
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
'my-query'
volume_range [<flags>] <query>
Run a volume query and return timeseries data.
The "volume_range" command will take the provided label selector(s) and
return aggregate volumes for series matching those volumes, aggregated into
buckets according to the step value. This only works against Loki instances
using the TSDB index format.
By default we look over the last hour of data; use --since to modify or
provide specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli volume_range
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--step=1h
'my-query'
detected-fields [<flags>] <query> [<field>]
Run a query for detected fields..
The "detected-fields" command will return information about fields detected
using either the "logfmt" or "json" parser against the log lines returned by
the provided query for the provided time range.
The "detected-fields" command will output extra information about the query
and its results, such as the API URL, set of common labels, and set of
excluded labels. This extra information can be suppressed with the --quiet
flag.
By default we look over the last hour of data; use --since to modify or
provide specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli detected-fields
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output=jsonl
'my-query'
The output is limited to 100 fields by default; use --field-limit to
increase. The query is limited to processing 1000 lines per subquery;
use --line-limit to increase.`query` 命令参考
`logcli help query` 的输出
usage: logcli query [<flags>] <query>
Run a LogQL query.
The "query" command is useful for querying for logs. Logs can be returned in a
few output modes:
raw: log line
default: log timestamp + log labels + log line
jsonl: JSON response from Loki API of log line
The output of the log can be specified with the "-o" flag, for example, "-o raw"
for the raw output format.
The "query" command will output extra information about the query and its
results, such as the API URL, set of common labels, and set of excluded labels.
This extra information can be suppressed with the --quiet flag.
By default we look over the last hour of data; use --since to modify or provide
specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag. In default output mode the
--output-timestamp-format flag can be used to modify the output timestamp.
Example:
logcli query
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output=jsonl
'my-query'
Example with --output-timestamp-format:
logcli query
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output-timestamp-format=rfc3339nano
'my-query'
The output is limited to 30 entries by default; use --limit to increase.
While "query" does support metrics queries, its output contains multiple data
points between the start and end query time. This output is used to build
graphs, similar to what is seen in the Grafana Explore graph view. If you are
querying metrics and just want the most recent data point (like what is seen in
the Grafana Explore table view), then you should use the "instant-query" command
instead.
Parallelization:
You can download an unlimited number of logs in parallel, there are a few flags
which control this behaviour:
--parallel-duration
--parallel-max-workers
--part-path-prefix
--overwrite-completed-parts
--merge-parts
--keep-parts
Refer to the help for each flag for details about what each of them do.
Example:
logcli query
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output=jsonl
--parallel-duration="15m"
--parallel-max-workers="4"
--part-path-prefix="/tmp/my_query"
--merge-parts
'my-query'
This example will create a queue of jobs to execute, each being 15 minutes in
duration. In this case, that means, for the 10-hour total duration, there will
be forty 15-minute jobs. The --limit flag is ignored.
It will start four workers, and they will each take a job to work on from the
queue until all the jobs have been completed.
Each job will save a "part" file to the location specified by the
--part-path-prefix. Different prefixes can be used to run multiple queries at
the same time. The timestamp of the start and end of the part is in the file
name. While the part is being downloaded, the filename will end in ".part",
when it is complete, the file will be renamed to remove this ".part" extension.
By default, if a completed part file is found, that part will not be downloaded
again. This can be overridden with the --overwrite-completed-parts flag.
Part file example using the previous command, adding --keep-parts so they are
not deleted:
Since we don't have the --forward flag, the parts will be downloaded in reverse.
Two of the workers have finished their jobs (last two files), and have picked up
the next jobs in the queue. Running ls, this is what we should expect to see.
$ ls -1 /tmp/my_query* /tmp/my_query_20210119T183000_20210119T184500.part.tmp
/tmp/my_query_20210119T184500_20210119T190000.part.tmp
/tmp/my_query_20210119T190000_20210119T191500.part.tmp
/tmp/my_query_20210119T191500_20210119T193000.part.tmp
/tmp/my_query_20210119T193000_20210119T194500.part
/tmp/my_query_20210119T194500_20210119T200000.part
If you do not specify the --merge-parts flag, the part files will be downloaded,
and logcli will exit, and you can process the files as you wish. With the flag
specified, the part files will be read in order, and the output printed to
the terminal. The lines will be printed as soon as the next part is complete,
you don't have to wait for all the parts to download before getting output.
The --merge-parts flag will remove the part files when it is done reading each
of them. To change this, you can use the --keep-parts flag, and the part files
will not be removed.
Flags:
--[no-]help Show context-sensitive help (also try
--help-long and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting
output timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory
profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE
env var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API
requests for authentication purposes.
Can also be set using LOKI_BEARER_TOKEN env var.
($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg
HTTP_PROXY ($LOKI_ENV_PROXY)
--limit=30 Limit on number of entries to print. Setting it
to 0 will fetch all entries.
--since=1h Lookback window.
--from=FROM Start looking for logs at this absolute time
(inclusive)
--to=TO Stop looking for logs at this absolute time
(exclusive)
--step=STEP Query resolution step width, for metric queries.
Evaluate the query at the specified step over
the time range.
--interval=INTERVAL Query interval, for log queries. Return entries
at the specified interval, ignoring those
between. **This parameter is experimental,
please see Issue 1779**
--batch=1000 Query batch size to use until 'limit' is reached
--parallel-duration=1h Split the range into jobs of this length to
download the logs in parallel. This will
result in the logs being out of order.
Use --part-path-prefix to create a file per job
to maintain ordering.
--parallel-max-workers=1 Max number of workers to start up for parallel
jobs. A value of 1 will not create any parallel
workers. When using parallel workers, limit is
ignored.
--part-path-prefix=PART-PATH-PREFIX
When set, each server response will be saved
to a file with this prefix. Creates files in
the format: 'prefix-utc_start-utc_end.part'.
Intended to be used with the parallel-* flags
so that you can combine the files to maintain
ordering based on the filename. Default is to
write to stdout.
--[no-]overwrite-completed-parts
Overwrites completed part files. This will
download the range again, and replace the
original completed part file. Default will skip
a range if it's part file is already downloaded.
--[no-]merge-parts Reads the part files in order and writes the
output to stdout. Original part files will be
deleted with this option.
--[no-]keep-parts Overrides the default behaviour of --merge-parts
which will delete the part files once all the
files have been read. This option will keep the
part files.
--[no-]forward Scan forwards through logs.
--[no-]no-labels Do not print any labels
--exclude-label=EXCLUDE-LABEL ...
Exclude labels given the provided key during
output.
--include-label=INCLUDE-LABEL ...
Include labels given the provided key during
output.
--[no-]include-common-labels
Include common labels in output for each log
line.
--labels-length=0 Set a fixed padding to labels
--store-config="" Execute the current query using a configured
storage from a given Loki configuration file.
--[no-]remote-schema Execute the current query using a remote schema
retrieved from the configured -schema-store.
--schema-store="" Store used for retrieving remote schema.
--[no-]colored-output Show output with colored labels
-t, --[no-]tail Tail the logs
-f, --[no-]follow Alias for --tail
--delay-for=0 Delay in tailing by number of seconds to
accumulate logs for re-ordering
Args:
<query> eg '{foo="bar",baz=~".*blip"} |~ ".*error.*"'`instant-query` 命令参考
`logcli help instant-query` 的输出
usage: logcli instant-query [<flags>] <query>
Run an instant LogQL query.
The "instant-query" command is useful for evaluating a metric query for a
single point in time. This is equivalent to the Grafana Explore table view;
if you want a metrics query that is used to build a Grafana graph, you should
use the "query" command instead.
This command does not produce useful output when querying for log lines;
you should always use the "query" command when you are running log queries.
For more information about log queries and metric queries, refer to the LogQL
documentation:
https://grafana.org.cn/docs/loki/latest/logql/
Flags:
--[no-]help Show context-sensitive help (also try --help-long
and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting output
timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE env
var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API requests for
authentication purposes. Can also be set using
LOKI_BEARER_TOKEN env var. ($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg HTTP_PROXY
($LOKI_ENV_PROXY)
--limit=30 Limit on number of entries to print. Setting it to
0 will fetch all entries.
--now=NOW Time at which to execute the instant query.
--[no-]forward Scan forwards through logs.
--[no-]no-labels Do not print any labels
--exclude-label=EXCLUDE-LABEL ...
Exclude labels given the provided key during
output.
--include-label=INCLUDE-LABEL ...
Include labels given the provided key during
output.
--[no-]include-common-labels
Include common labels in output for each log line.
--labels-length=0 Set a fixed padding to labels
--store-config="" Execute the current query using a configured
storage from a given Loki configuration file.
--[no-]remote-schema Execute the current query using a remote schema
retrieved from the configured -schema-store.
--schema-store="" Store used for retrieving remote schema.
--[no-]colored-output Show output with colored labels
Args:
<query> eg 'rate({foo="bar"} |~ ".*error.*" [5m])'`labels` 命令参考
`logcli help labels` 的输出
usage: logcli labels [<flags>] [<label>]
Find values for a given label.
Flags:
--[no-]help Show context-sensitive help (also try --help-long
and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting output
timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE env
var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API requests for
authentication purposes. Can also be set using
LOKI_BEARER_TOKEN env var. ($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg HTTP_PROXY
($LOKI_ENV_PROXY)
--since=1h Lookback window.
--from=FROM Start looking for labels at this absolute time
(inclusive)
--to=TO Stop looking for labels at this absolute time
(exclusive)
Args:
[<label>] The name of the label.`series` 命令参考
`logcli help series` 的输出
usage: logcli series [<flags>] <matcher>
Run series query.
The "series" command will take the provided label matcher and return all the log
streams found in the time window.
It is possible to send an empty label matcher '{}' to return all streams.
Use the --analyze-labels flag to get a summary of the labels found in all
streams. This is helpful to find high cardinality labels.
Flags:
--[no-]help Show context-sensitive help (also try --help-long
and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting output
timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE env
var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API requests for
authentication purposes. Can also be set using
LOKI_BEARER_TOKEN env var. ($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg HTTP_PROXY
($LOKI_ENV_PROXY)
--since=1h Lookback window.
--from=FROM Start looking for logs at this absolute time
(inclusive)
--to=TO Stop looking for logs at this absolute time
(exclusive)
--[no-]analyze-labels Printout a summary of labels including count of
label value combinations, useful for debugging
high cardinality series
Args:
<matcher> eg '{foo="bar",baz=~".*blip"}'`stats` 命令参考
`logcli help stats` 的输出
usage: logcli stats [<flags>] <query>
Run a stats query.
The "stats" command will take the provided query and return statistics from the
index on how much data is contained in the matching stream(s). This only works
against Loki instances using the TSDB index format.
By default we look over the last hour of data; use --since to modify or provide
specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli stats
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
'my-query'
Flags:
--[no-]help Show context-sensitive help (also try --help-long
and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting output
timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE env
var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API requests for
authentication purposes. Can also be set using
LOKI_BEARER_TOKEN env var. ($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg HTTP_PROXY
($LOKI_ENV_PROXY)
--since=1h Lookback window.
--from=FROM Start looking for logs at this absolute time
(inclusive)
--to=TO Stop looking for logs at this absolute time
(exclusive)
Args:
<query> eg '{foo="bar",baz=~".*blip"} |~ ".*error.*"'`volume` 命令参考
`logcli help volume` 的输出
usage: logcli volume [<flags>] <query>
Run a volume query.
The "volume" command will take the provided label selector(s) and return
aggregate volumes for series matching those volumes. This only works against
Loki instances using the TSDB index format.
By default we look over the last hour of data; use --since to modify or provide
specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli volume
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
'my-query'
Flags:
--[no-]help Show context-sensitive help (also try
--help-long and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting
output timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory
profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE
env var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API
requests for authentication purposes.
Can also be set using LOKI_BEARER_TOKEN env var.
($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg
HTTP_PROXY ($LOKI_ENV_PROXY)
--since=1h Lookback window.
--from=FROM Start looking for logs at this absolute time
(inclusive)
--to=TO Stop looking for logs at this absolute time
(exclusive)
--limit=30 Limit on number of series to return volumes for.
--targetLabels=TARGETLABELS ...
List of labels to aggregate results into.
--[no-]aggregateByLabels Whether to aggregate results by label name only.
Args:
<query> eg '{foo="bar",baz=~".*blip"}`volume_range` 命令参考
`logcli help volume_range` 的输出
usage: logcli volume_range [<flags>] <query>
Run a volume query and return timeseries data.
The "volume_range" command will take the provided label selector(s) and return
aggregate volumes for series matching those volumes, aggregated into buckets
according to the step value. This only works against Loki instances using the
TSDB index format.
By default we look over the last hour of data; use --since to modify or provide
specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli volume_range
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--step=1h
'my-query'
Flags:
--[no-]help Show context-sensitive help (also try
--help-long and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting
output timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory
profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE
env var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API
requests for authentication purposes.
Can also be set using LOKI_BEARER_TOKEN env var.
($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg
HTTP_PROXY ($LOKI_ENV_PROXY)
--since=1h Lookback window.
--from=FROM Start looking for logs at this absolute time
(inclusive)
--to=TO Stop looking for logs at this absolute time
(exclusive)
--limit=30 Limit on number of series to return volumes for.
--targetLabels=TARGETLABELS ...
List of labels to aggregate results into.
--[no-]aggregateByLabels Whether to aggregate results by label name only.
--step=1h Query resolution step width, roll up volumes
into buckets cover step time each.
Args:
<query> eg '{foo="bar",baz=~".*blip"}`detected-fields` 命令参考
`logcli help detected-fields` 的输出
usage: logcli detected-fields [<flags>] <query> [<field>]
Run a query for detected fields..
The "detected-fields" command will return information about fields detected
using either the "logfmt" or "json" parser against the log lines returned by the
provided query for the provided time range.
The "detected-fields" command will output extra information about the query
and its results, such as the API URL, set of common labels, and set of excluded
labels. This extra information can be suppressed with the --quiet flag.
By default we look over the last hour of data; use --since to modify or provide
specific start and end times with --from and --to respectively.
Notice that when using --from and --to then ensure to use RFC3339Nano time
format, but without timezone at the end. The local timezone will be added
automatically or if using --timezone flag.
Example:
logcli detected-fields
--timezone=UTC
--from="2021-01-19T10:00:00Z"
--to="2021-01-19T20:00:00Z"
--output=jsonl
'my-query'
The output is limited to 100 fields by default; use --field-limit to increase.
The query is limited to processing 1000 lines per subquery; use --line-limit to
increase.
Flags:
--[no-]help Show context-sensitive help (also try --help-long
and --help-man).
--[no-]version Show application version.
-q, --[no-]quiet Suppress query metadata
--[no-]stats Show query statistics
-o, --output=default Specify output mode [default, raw, jsonl].
raw suppresses log labels and timestamp.
-z, --timezone=Local Specify the timezone to use when formatting output
timestamps [Local, UTC]
--output-timestamp-format=rfc3339
Specify the format of timestamps in the default
output mode [rfc3339, rfc3339nano, rfc822z,
rfc1123z, stampmicro, stampmilli, stampnano,
unixdate]
--cpuprofile="" Specify the location for writing a CPU profile.
--memprofile="" Specify the location for writing a memory profile.
--[no-]stdin Take input logs from stdin
--addr="https://:3100"
Server address. Can also be set using LOKI_ADDR
env var. ($LOKI_ADDR)
--username="" Username for HTTP basic auth. Can also be set
using LOKI_USERNAME env var. ($LOKI_USERNAME)
--password="" Password for HTTP basic auth. Can also be set
using LOKI_PASSWORD env var. ($LOKI_PASSWORD)
--ca-cert="" Path to the server Certificate Authority.
Can also be set using LOKI_CA_CERT_PATH env var.
($LOKI_CA_CERT_PATH)
--[no-]tls-skip-verify Server certificate TLS skip verify. Can also
be set using LOKI_TLS_SKIP_VERIFY env var.
($LOKI_TLS_SKIP_VERIFY)
--cert="" Path to the client certificate. Can also
be set using LOKI_CLIENT_CERT_PATH env var.
($LOKI_CLIENT_CERT_PATH)
--key="" Path to the client certificate key. Can also
be set using LOKI_CLIENT_KEY_PATH env var.
($LOKI_CLIENT_KEY_PATH)
--org-id="" adds X-Scope-OrgID to API requests for
representing tenant ID. Useful for requesting
tenant data when bypassing an auth gateway.
Can also be set using LOKI_ORG_ID env var.
($LOKI_ORG_ID)
--query-tags="" adds X-Query-Tags http header to API requests.
This header value will be part of `metrics.go`
statistics. Useful for tracking the query.
Can also be set using LOKI_QUERY_TAGS env var.
($LOKI_QUERY_TAGS)
--[no-]nocache adds Cache-Control: no-cache http header to API
requests. Can also be set using LOKI_NO_CACHE env
var. ($LOKI_NO_CACHE)
--bearer-token="" adds the Authorization header to API requests for
authentication purposes. Can also be set using
LOKI_BEARER_TOKEN env var. ($LOKI_BEARER_TOKEN)
--bearer-token-file="" adds the Authorization header to API requests
for authentication purposes. Can also be
set using LOKI_BEARER_TOKEN_FILE env var.
($LOKI_BEARER_TOKEN_FILE)
--retries=0 How many times to retry each query when
getting an error response from Loki. Can also
be set using LOKI_CLIENT_RETRIES env var.
($LOKI_CLIENT_RETRIES)
--min-backoff=0 Minimum backoff time between retries. Can also
be set using LOKI_CLIENT_MIN_BACKOFF env var.
($LOKI_CLIENT_MIN_BACKOFF)
--max-backoff=0 Maximum backoff time between retries. Can also
be set using LOKI_CLIENT_MAX_BACKOFF env var.
($LOKI_CLIENT_MAX_BACKOFF)
--auth-header="Authorization"
The authorization header used. Can also
be set using LOKI_AUTH_HEADER env var.
($LOKI_AUTH_HEADER)
--proxy-url="" The http or https proxy to use when
making requests. Can also be set
using LOKI_HTTP_PROXY_URL env var.
($LOKI_HTTP_PROXY_URL)
--[no-]compress Request that Loki compress returned
data in transit. Can also be set
using LOKI_HTTP_COMPRESSION env var.
($LOKI_HTTP_COMPRESSION)
--[no-]envproxy Use ProxyFromEnvironment to use net/http
ProxyFromEnvironment configuration, eg HTTP_PROXY
($LOKI_ENV_PROXY)
--limit=100 Limit on number of fields or values to return.
--line-limit=1000 Limit the number of lines each subquery is allowed
to process.
--since=1h Lookback window.
--from=FROM Start looking for logs at this absolute time
(inclusive)
--to=TO Stop looking for logs at this absolute time
(exclusive)
--step=10s Query resolution step width, for metric queries.
Evaluate the query at the specified step over the
time range.
Args:
<query> eg '{foo="bar",baz=~".*blip"} |~ ".*error.*"'
[<field>] The name of the field.使用 `--stdin` 在本地查询
您可以使用 logcli 的 `–stdin` 参数对本地机器上的日志文件运行命令,而不是针对 Loki 实例。这允许您使用 LogQL 查询本地日志文件,而无需将文件加载到 Loki 中,例如如果您下载了日志文件并想在 Loki 之外进行查询。
如果您的本地机器上有日志文件,并且只想对这些日志文件运行一些 LogQL 查询,`--stdin` 标志会很有帮助。
您可以使用 stdin 标志执行以下操作
- 作为一种快速方式,用于针对某些日志数据测试或验证 LogQL 表达式。
- 只需使用本地日志文件和 logcli 工具(无需设置 Loki 服务器、Grafana 等)即可学习 LogQL 的基础知识。
- 允许您在不访问 Loki 实例的情况下运行查询,从而启用故障排除。
- 使用 LogQL 从本地日志文件解析并提取数据,而无需将数据摄取到 Loki 中。
- 可以在公共论坛上进行讨论,例如提交问题和答案,以及分享 LogQL 表达式。
stdin 用法说明
- 使用 `--stdin` 时,`--limits` 标志没有任何意义(可以使用 pager 工具如 `less`)。
- 请注意,使用 `--stdin` 时没有标签。因此,查询中的流选择器是可选的,例如,`|="timeout"|logfmt|level="error"` 与 `{foo="bar"}|="timeout|logfmt|level="error"` 相同。
注意
目前 stdin 不支持任何类型的指标查询。
stdin 示例
- 行过滤器 - `cat mylog.log | logcli --stdin query '|="too many open connections"'`
- 标签匹配器 - `echo 'msg="timeout happened" level="warning"' | logcli --stdin query '|logfmt|level="warning"'`
- 不同的解析器 (logfmt, json, pattern, regexp) - `cat mylog.log | logcli --stdin query '|pattern <ip> - - <_> "<method> <uri> <_>" <status> <size> <_> "<agent>" <_>'`
- 行格式化器 - `cat mylog.log | logcli --stdin query '|logfmt|line_format "{{.query}} {{.duration}}"'`
批量处理
logcli 以批量方式向 Loki 发送查询,以便查询结果分批返回。
logcli query 命令的 `--limit` 选项限制单次查询返回的日志行总数。未设置时,`--limit` 默认为 30。此限制可防止在指定查询返回大量日志行时用户使 Loki 过载。此限制也保护用户免受意外的大型响应。
较大的结果集可以进行批量处理以便更轻松地消费。使用 `--batch` 选项控制每批返回的日志行结果数量。未设置时,`--batch` 默认为 1000。
将 `--limit` 值设置得大于 `--batch` 值将导致从 logcli 发送到 Loki 的请求进行批量处理。
在 Loki 中运行查询时,它将返回最多一定数量的日志行。默认情况下,此限制为 5000 行。您可以在 Loki 的配置中通过 `limits_config.max_entries_limit_per_query` 配置此服务器限制。
批量处理允许您查询大于此服务器端限制的结果集,前提是 `--batch` 值小于服务器限制。
每个批次的查询元数据都输出到 stderr。要禁止输出查询元数据,请在 logcli query 命令行上设置 `--quiet` 选项。
logcli 查询示例
以下是一些 logcli 示例。
查找标签的所有值。
logcli labels jobhttps://logs-dev-ops-tools1.grafana.net/api/prom/label/job/values
loki-ops/consul
loki-ops/loki-gw打印所有标签及其唯一值。此命令对于查找索引中的高基数标签特别有用。
logcli series '{cluster="vinson"}' --analyze-labels2024/10/31 13:46:25 https://logs-prod-008.grafana.net/loki/api/v1/series?end=1730382385746344416&match=%7Bcluster%3D%22vinson%22%7D&start=1730378785746344416
Total Streams: 10
Unique Labels: 10
Label Name Unique Values Found In Streams
service_name 8 10
pod 7 7
job 6 10
app_kubernetes_io_name 6 6
container 5 7
namespace 3 10
stream 2 7
flags 1 7
instance 1 3
cluster 1 10获取给定流的所有日志
logcli query '{job="loki-ops/consul"}'https://logs-dev-ops-tools1.grafana.net/api/prom/query?query=%7Bjob%3D%22loki-ops%2Fconsul%22%7D&limit=30&start=1529928228&end=1529931828&direction=backward®exp=
Common labels: {job="loki-ops/consul", namespace="loki-ops"}
2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Snapshot to 475409 complete
2018-06-25T12:52:09Z {instance="consul-8576459955-pl75w"} 2018/06/25 12:52:09 [INFO] raft: Compacting logs from 456973 to 465169打印给定流选择器的所有日志流。此示例显示与您的查询匹配的所有已知标签组合。
logcli series -q --match='{namespace="loki",container_name="loki"}'{app="loki", container_name="loki", controller_revision_hash="loki-57c9df47f4", filename="/var/log/pods/loki_loki-0_8ed03ded-bacb-4b13-a6fe-53a445a15887/loki/0.log", instance="loki-0", job="loki/loki", name="loki", namespace="loki", release="loki", statefulset_kubernetes_io_pod_name="loki-0", stream="stderr"}Logcli 故障排除
确保您使用的 Logcli 版本与您的 Loki 版本匹配。您可以使用以下命令检查您的 logcli 版本
logcli –version如果您遇到超时问题,可以在 `logcli-config.yaml` 文件中更新以下设置。
limits_config:
query_timeout: 10m
