Query your logs

groundcover supports a rich set of features for log management, from collection to analysis. In addition, it fully supports defining alerts and dashboards based on a variety of attributes in your logs. This guide will explore how to get started querying your logs in our embedded Grafana.

The ClickHouse datasource

groundcover uses ClickHouse as its database for storing logs. When building log based alerts or dashboards in our embedded Grafana, the ClickHouse datasource needs to be selected in order to query the logs stored.

Querying the Logs table

See this page for examples you can get started with!

ClickHouse supports standard SQL syntax, which can be used to query the table storing your logs.

For example, the following query will return the count of logs in the selected time range:

SELECT    count() as log_count
FROM      groundcover.logs
WHERE     $__timeFilter(timestamp)

Commonly used fields in the Logs table

Below is a list of the most commonly used fields in the Logs table, which should serve the majority of the use cases for alerting.

Can't find what you're looking for? Let us know over Slack!

Name

Type

Notes

timestamp

DateTime64

content

String

content log attribute if exists, entire log body otherwise

cluster

String

workload

String

namespace

String

k8s only

pod_name

String

k8s only

node_name

String

k8s only

level

String

lower-cased, e.g: 'info', 'error', 'fatal'...

format

String

'json', 'logfmt'...

env

String

See support for env name

string_attributes

Map(String,String)

String attributes extracted from formatted logs; empty for unformatted logs

float_attributes

Map(String, Float64)

Numeric attributes extracted from formatted logs; empty for unformatted logs

Last updated 7 months ago