Logs
Logs are timestamped records of events in your application. They're the most detailed record of what happened and when, making them essential for debugging and auditing.
When to Use Logs
Logs are ideal for:
- Debugging errors: Stack traces, error messages, unexpected states
- Audit trails: Who did what and when
- Detailed investigations: Understanding specific request flows
For high-level monitoring and alerting, consider metrics instead - they're more efficient for aggregated data.
How Logs Reach Loki
Depending on your setup:
| Setup | How Logs Are Collected |
|---|---|
| PaaS (stdout) | Vector automatically collects container logs |
| PaaS (OTLP) | Your app sends logs via OpenTelemetry (coming soon) |
| Puppet VMs | pmodule_vector ships logs from files |
| External | Your collector sends logs with authentication |
All logs end up in Loki, our log aggregation backend.
Viewing Logs
- Go to Grafana
- Open Explore
- Select your Loki data source
- Write a LogQL query
Basic Query Examples
Find logs from a specific namespace:
{namespace="my-namespace"}
Find error logs:
{namespace="my-namespace"} |= "error"
Filter by multiple conditions:
{namespace="my-namespace", app="my-app"} |= "error" != "expected"
Query Language
Loki uses LogQL for querying logs. Key concepts:
- Stream selectors: {label="value"} - filter by labels
- Line filters: |= "text" - filter log content
- Parsers: | json - parse structured logs
- Aggregations: count_over_time() - compute statistics
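The four concepts above, composed into one pipeline. This is an added example, not a query from the original page. It assumes the app writes JSON log lines with `level` and `user` fields (both hypothetical); the namespace and app labels reuse the sample values from the basic queries.

```logql
# Log query: return the matching lines for investigation.
# 1. The stream selector picks which log streams to read (indexed labels).
# 2. The line filter discards lines without "error" before any parsing,
#    so the parser runs on fewer lines.
# 3. The json parser extracts fields from each remaining line as labels.
# 4. The label filters then match on the extracted fields
#    (assumed fields: level, user).
{namespace="my-namespace", app="my-app"}
  |= "error"
  | json
  | level="error"
  | user!=""

# Metric query: the same pipeline wrapped in an aggregation.
# count_over_time counts matching lines per stream over each 5m window;
# sum by (user) groups the counts per extracted user, which turns raw
# error lines into a per-user error count.
sum by (user) (
  count_over_time(
    {namespace="my-namespace", app="my-app"}
      |= "error"
      | json
      | level="error"
      | user!=""
    [5m]
  )
)
```

Run each query separately in Explore: the first returns log lines, the second returns a time series.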
Next Steps
- LogQL Best Practices - Write efficient queries
- Grafana Explore - Interactive log exploration