Kibana KQL cheat sheet
Search logs containing the exact text
message: "my search term"
Search logs containing the wildcard text
message: *search*
Search logs with AND, OR, NOT
(message: ("text 1" OR "text 2") AND (message: *text3*) AND NOT (message: "text 4"))
Search logs where the message field exists
message: *
Search logs where the message field does not exist
NOT message: *
Search logs by level:
(level: "INFO" OR level: "WARN" OR level: "ERROR" OR level: "DEBUG" OR level: "TRACE")
Search logs by kubernetes pod name:
kubernetes.pod.name: example-service-name-*
Search logs by kubernetes container name:
kubernetes.container.name: "example-container-name"
Common fields:
- @timestamp
- message
- level
- kubernetes.pod.name
- kubernetes.container.name