Useful queries

groundcover recommends using as many "strong" filters as possible, like time filters, workload and namespaces filters, log level filters, etc.

These will help making free text and attribute searches much faster and efficient.

The $__timeFilter condition enforces time range limits on the query, which are selected based on the time window selected for the query.

Counting error logs

The query uses the count() operator to get the number of error logs in the defined time window.

SELECT    count()   as log_count,
          workload  as workload,
          namespace as namespace
FROM      groundcover.logs
WHERE     $__timeFilter(timestamp) 
          AND level = 'error'
GROUP     BY workload, namespace

groundcover always saves log levels as lower-cased values, e.g: 'error', 'info'.

Free text search

The query uses the count() operator to get the number of logs generated by the kafkajs-events-consumer workload, which contain the phrase Connection timeout.

SELECT    count()   AS log_count
FROM      groundcover.logs
WHERE     $__timeFilter(timestamp) 
          AND workload = 'kafkajs-events-consumer'
          AND content LIKE '%Connection timeout%'

Selecting and filtering by log attributes

Using formatted logs allows groundcover to automatically extract attributes from the log, which can then be used in alerts and dashboards.

For example, let's look at the following json-formatted log:

{ 
        "http.req.id": "99419211-7283-467f-8d39-b3c4be7a98c2", 
        "http.req.method": "GET",
        "http.req.path": "/product/ZZZZZZZ011", 
        "session": "e17d3d07-13f6-430b-85ed-290863388766", 
        "severity": "debug", 
        "timestamp": "2024-07-11T10:40:42.812301569Z" 
}

The following query uses the string_attributes column to query the "http.req.method" attribute and filter for GET requests:

SELECT    count()   AS log_count
FROM      groundcover.logs
WHERE     $__timeFilter(timestamp) 
          AND string_attributes['http.req.method'] = 'GET'

Last updated 1 month ago