LogQL is the query language used in Grafana Loki to query logs. It is a powerful query language that allows you to filter, aggregate, and search for logs and should be familiar to anyone who has used SQL or PromQL.
Where LogQL differs from PromQL is it's trailing pipeline syntax, or log pipeline. A log pipeline is a set of stage expressions that are chained together and applied to the selected log streams. Each expression can filter out, parse, or mutate log lines and their respective labels.
A LogQL query is composed by two main parts: the stream selector (the query) and the log pipeline (the transformation).
The stream selector is used to select logs based on their labels. The stream selector is a set of label-value pairs that are used to filter logs. For example:
This will return all logs where the label
label has the value
value. LogQL refer to this as the stream selector.
Similar to PromQL, LogQL supports a set of operators for comparing labels and values:
=~- Regular expression match
!~- Regular expression mismatch
=- Label value match
!=- Label value mismatch
>- Greater than (numeric)
<- Less than (numeric)
The log pipeline is a set of stage expressions that are chained together and applied to the selected log streams. Each expression can filter out, parse, or mutate log lines and their respective labels.
Consider the following example:
This query will:
- Select all logs where the label
apphas the value
- Parse the log line as JSON
- Filter out all formatting and parsing errors.
- Filter out logs where the
levelfield is not
LogQL supports a set of operators for filtering and transforming logs in addition to the stream selector operators. The following operators are supported in LogQL:
|=- Log line contains string
!=- Log line does not contain string
|~- Log line contains a match to the regular expression
!~- Log line does not contain a match to the regular expression