TechQA.

How to use boolean and/or condition to check for specific message

297 views Asked by At

In Splunk query for searching text in log message is like ('condition 1' AND 'condition 2') OR ('condition 3'). How can the same be achieved in Grafana Loki/LogQL?

I tried using below query in Grafana and it works for AND condition only

{k8s_container_name="container"}
 | json
 | line_format `{{.body}}`
 | json
 |= `condition 1`
 |= `condition 2`

Need suggestion how to add an OR block for condition 3 to above query

grafana grafana-loki logql
Original Q&A
1

There are 1 answers

1
markalex On BEST ANSWER

There is no general solution for or in stream selectors.

In this specific case, though, your goal can be accomplished with following query:

{k8s_container_name="container"}
 | json 
 | (body =~ `.*condition 1.*` and body =~ `.*condition 2.*`) or body =~ `.*condition 3.*`
 | line_format `{{.body}}`
 | json

Here instead of line filter expressions I use label filter. They can be grouped using and and or. For more information see documentation for label filter expressions.

Note also, that =~ and !~ regex operators are fully anchored. That why all the .* needed in the expressions.

In more broader situation, as far as I know, you cannot apply or over |= operator. The best what can be done is using |~ instead, with logic incorporated into regex.

In your example, expression will be like this:

|~ `condition1.*condition2|condition2.*condition1|condition3`

Related Questions in GRAFANA

Related Questions in GRAFANA-LOKI

Related Questions in LOGQL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions