top | item 39980557

(no title)

pluies | 1 year ago

Fwiw this is how I use Loki most of the time. Pick an app label, pick a time period, look at raw logs. The LogQL for this ends up something like `{app="workload-foo"}`. Loki is excellent at that.

Then if I know which pod I'll filter down to a specific pod with `{pod="workload-foo-1234"}`, sometimes I'll search for a specific term (error message etc) with `{pod="workload-foo-1234"} |= "error message"` then look at the logs around that. There's really no point writing complicated queries unless you need to.

discuss

umanwizard|1 year ago

That will, if I understand correctly, get the logs for one pod, not for one process. For example if the pod restarted 10 times you will not get 10 separate files from that query.

sofixa|1 year ago

You'd have the label shown in the output that indicates the log line in question is from a different process/pod/container/host/whatever.

liampulles|1 year ago

Even more than that, if you are running multiple instances of the app in multiple pods concurrently, then all of those logs will be joined together.