Dokumen ini memberikan saran kueri untuk mempermudah Anda menemukan log penting menggunakan Logs Explorer di konsol Google Cloud .
Kueri yang tercantum ditulis dalam
bahasa kueri Logging,
dan dapat digunakan di
Logs Explorer, Logging API, atau
antarmuka command line.
Logs Explorer menggunakan ekspresi Boolean untuk menentukan subset dari semua
entri log di project Anda. Anda dapat menggunakan kueri ini untuk memilih entri log
dari log atau layanan log tertentu, atau yang memenuhi kondisi pada metadata atau
kolom yang ditentukan pengguna.
Sebelum memulai
Pastikan Anda memiliki izin atau peran Identity and Access Management yang benar untuk membuat kueri menggunakan Logs Explorer. Untuk mengetahui detail tentang izin IAM yang diperlukan, lihat Izin untuk konsol Google Cloud .
Mulai
-
Di konsol Google Cloud , buka
segmen
Logs Explorer:
Buka Logs Explorer
Jika Anda menggunakan kotak penelusuran untuk menemukan halaman ini, pilih hasil yang subjudulnya adalah
Logging.
Pilih Google Cloud project atau Google Cloud
resource lain yang sesuai untuk melihat log.
Menggunakan contoh kueri
Untuk menerapkan kueri dari tabel berikut, klik ikon
content_copy Salin Konten untuk ekspresi,
lalu tempelkan ekspresi yang disalin ke
kolom editor kueri Logs Explorer.
Screenshot berikut menggambarkan panel kueri:
Jika Anda tidak melihat kolom editor kueri, aktifkan Show query.
Setelah Anda meninjau ekspresi kueri, klik Jalankan kueri. Log yang cocok dengan
kueri Anda akan tercantum di bagian Query results.
Beberapa kueri yang tercantum di halaman ini menyertakan variabel yang harus Anda ganti dengan nilai yang valid. Misalnya, jika kueri menyertakan logName, maka
PROJECT_ID yang Anda berikan harus merujuk ke project
Google Cloud yang dipilih; jika tidak, kueri tidak akan berfungsi.
Perhatikan hal berikut:
Jika Anda memiliki kueri dengan stempel waktu, pemilih rentang waktu dinonaktifkan, dan kueri menggunakan ekspresi stempel waktu sebagai batasan rentang waktunya. Jika kueri tidak menggunakan ekspresi stempel waktu, kueri
menggunakan pemilih rentang waktu sebagai batasan rentang waktunya.
Panjang kueri tidak boleh melebihi 20.000 karakter.
Bahasa kueri logging
tidak peka huruf besar/kecil, kecuali untuk ekspresi reguler.
Anda dapat menggunakan fungsi log_id untuk kueri dengan ekspresi log_name. Misalnya, ekspresi
log_name="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Fdata_access"
sama dengan log_id("cloudaudit.googleapis.com/data_access").
Untuk mengetahui informasi selengkapnya tentang fungsi log_id, lihat
Bahasa kueri logging: Fungsi.
Untuk mengetahui petunjuk tentang cara membuat kueri di konsol Google Cloud , lihat
Membuat kueri di Logs Explorer.
Bagian berikut mengelompokkan kueri menurut Google Cloud layanan.
Kueri App Engine
| Nama kueri/filter |
Ekspresi |
| Log App Engine dari Malam Tahun Baru (dalam waktu UTC) |
resource.type="gae_app" AND
severity>=ERROR AND
timestamp>="2018-12-31T00:00:00Z" AND timestamp<="2019-01-01T00:00:00Z" |
| Log permintaan App Engine dengan error server |
resource.type="gae_app" AND
log_id("appengine.googleapis.com/request_log") AND
httpRequest.status>=500 |
| Log error HTTP yang diambil sampelnya |
resource.type="gae_app" AND
protoPayload.status >= 400 AND
sample(insertId, 0.1)
|
| Menelusuri ID rekaman aktivitas App Engine |
resource.type="gae_app" AND
trace="projects/PROJECT_ID/traces/TRACE_ID" |
| Log App Engine |
resource.type="gae_app" AND
resource.labels.module_id="MODULE_ID" AND
resource.labels.version_id="VERSION_ID" |
| Deployment App Engine terbaru |
resource.type="gae_app" AND
protoPayload."@type"="type.googleapis.com/google.cloud.audit.AuditLog" AND
protoPayload.serviceName="appengine.googleapis.com" |
Kueri pengaktifan dan penonaktifan API
| Nama kueri/filter |
Ekspresi |
| Log pengaktifan Audit API |
protoPayload.methodName="google.api.serviceusage.v1.ServiceUsage.EnableService" |
| Log penonaktifan Audit API |
protoPayload.methodName="google.api.serviceusage.v1.ServiceUsage.DisableService" |
Kueri BigQuery
| Nama kueri/filter |
Ekspresi |
| Log audit BigQuery |
resource.type=("bigquery_dataset" OR "bigquery_project") AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk project |
resource.type="bigquery_project" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk set data |
resource.type="bigquery_dataset" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk Model BI Engine |
resource.type="bigquery_biengine_model" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk Operasi Data Transfer Service. |
resource.type="bigquery_dts_run" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk konfigurasi Data Transfer Service. |
resource.type="bigquery_dts_config" AND
logName:"cloudaudit.googleapis.com" |
| Tugas BigQuery Data Transfer Service |
resource.type=("bigquery_project") AND
protoPayload.requestMetadata.callerSuppliedUserAgent=
"BigQuery Data Transfer Service" AND
protoPayload.methodName=("google.cloud.bigquery.v2.JobService.InsertJob" OR
"google.cloud.bigquery.v2.JobService.Query") |
| Log operasi transfer BigQuery |
resource.type="bigquery_dts_config" AND
labels.run_id="RUN_ID" AND
resource.labels.config_id="CONFIG_ID" |
| Pembaruan set data BigQuery |
resource.type="bigquery_dataset" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName=
"google.cloud.bigquery.v2.DatasetService.UpdateDataset" |
| Tugas BigQuery selesai |
resource.type="bigquery_project" AND
log_id("cloudaudit.googleapis.com/data_access") AND
protoPayload.methodName=("google.cloud.bigquery.v2.JobService.InsertJob"
OR "google.cloud.bigquery.v2.JobService.Query") |
| Kueri besar BigQuery |
resource.type="bigquery_project" AND
protoPayload.metadata.jobChange.job.jobStats.queryStats.totalBilledBytes
> 1073741824 |
| Kuota BigQuery terlampaui |
resource.type=("bigquery_dataset" OR "bigquery_project")
AND
protoPayload.status.code=8 AND
severity>=WARNING |
| Kueri BigQuery dimulai |
resource.type="bigquery_project" AND
protoPayload.metadata.jobInsertion.reason:* |
| Tugas pemuatan/ekstraksi serentak BigQuery |
resource.type="bigquery_resource" AND
protoPayload.methodName="jobservice.insert" AND
protoPayload.serviceData.jobInsertRequest.resource.jobConfiguration.query.query:
"extract" |
| Log audit BigQuery untuk Kebijakan Akses Tingkat Baris |
protoPayload.methodName="jobservice.insert" AND
protoPayload.serviceData.jobInsertRequest.resource.jobConfiguration.query.query:"ROW ACCESS POLICY" |
Kueri Dataflow
| Nama kueri/filter |
Ekspresi |
| Error dan peringatan di pekerja Dataflow |
resource.type="dataflow_step" AND
log_id("dataflow.googleapis.com/worker") AND
severity>=WARNING |
Kueri Dataproc
| Nama kueri/filter |
Ekspresi |
| Log Apache Hadoop Dataproc |
resource.type="cloud_dataproc_cluster" AND
jsonPayload.class:"org.apache.hadoop.mapreduce" |
Cloud Deployment Manager
| Nama kueri/filter |
Ekspresi |
| Error Deployment Manager |
resource.type="deployment" AND
severity>=ERROR |
Kueri Cloud Run Functions
| Nama kueri/filter |
Ekspresi |
| Error Cloud Function |
resource.type="cloud_function" AND
log_id("cloudfunctions.googleapis.com/cloud-functions") AND
severity>=ERROR |
Kueri Cloud Monitoring
| Nama kueri/filter |
Ekspresi |
|---|
Menampilkan semua kesalahan saluran notifikasi
|
resource.type="stackdriver_notification_channel" AND
severity>=ERROR |
Menampilkan error saluran notifikasi
karena pembatasan |
resource.type="stackdriver_notification_channel" AND
severity>=ERROR AND
jsonPayload.summary="Notification delivery throttled." |
Tampilkan log yang ditulis oleh
resource uptime |
resource.type="uptime_url" |
Menampilkan permintaan yang diterima dari
layanan pemeriksaan waktu beroperasi |
"GoogleStackdriverMonitoring-UptimeChecks" |
Kueri Cloud Run
| Nama kueri/filter |
Ekspresi |
| Log Cloud Run untuk tugas tertentu |
resource.type="cloud_run_job" AND
resource.labels.service_name="JOB_NAME"
|
| Log Cloud Run untuk revisi dan layanan tertentu |
resource.type="cloud_run_revision" AND
resource.labels.service_name="SERVICE_NAME" |
Kueri Cloud Source Repositories
| Nama kueri/filter |
Ekspresi |
| Log Cloud Source Repository |
resource.type="csr_repository" AND
resource.labels.name="REPOSITORY_NAME" |
Kueri Spanner
| Nama kueri/filter |
Ekspresi |
| Log Cloud Spanner untuk instance Spanner tertentu |
resource.type="spanner_instance" AND
resource.labels.instance_id="SPANNER_INSTANCE" |
Kueri Cloud SQL
| Nama kueri/filter |
Ekspresi |
| Log audit Cloud SQL |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudaudit.googleapis.com/activity") |
| Log error MySQL Cloud SQL |
resource.type="cloudsql_database" AND
log_id("cloudsql.googleapis.com/mysql.err") |
| Database berbasis MySQL Cloud SQL |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudsql.googleapis.com/mysql") |
| Database berbasis Cloud SQL Postgres |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudsql.googleapis.com/postgres.log") |
| Log error SQL Server Cloud SQL |
resource.type="cloudsql_database" AND
log_id("cloudsql.googleapis.com/sqlserver.err") |
| Database berbasis SQL Server Cloud SQL |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudsql.googleapis.com/sqlagent.out") |
Kueri Cloud Storage
| Nama kueri/filter |
Ekspresi |
| Log bucket GCS |
resource.type="gcs_bucket" AND
resource.labels.bucket_name="BUCKET_NAME" |
| Log audit bucket GCS |
resource.type="gcs_bucket" AND
logName:"cloudaudit.googleapis.com" |
| Log pembuatan bucket GCS |
resource.type="gcs_bucket" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.method_name="storage.buckets.create" |
| Log penghapusan bucket GCS |
resource.type="gcs_bucket" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.method_name="storage.buckets.delete" |
Kueri Cloud Tasks
| Nama kueri/filter |
Ekspresi |
| Log antrean Cloud Tasks |
resource.type="cloud_tasks_queue" AND
resource.labels.queue_id="QUEUE_ID" |
Kueri Compute Engine
| Nama kueri/filter |
Ekspresi |
| Log Aktivitas Admin Compute Engine |
resource.type="gce_instance" AND
log_id("cloudaudit.googleapis.com/activity") |
| Penghapusan aturan firewall Compute Engine |
resource.type="gce_firewall_rule" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"firewalls.delete" |
| Syslog VM Compute Engine |
resource.type="gce_instance" AND
log_id("syslog") |
| Authlog VM Compute Engine |
resource.type="gce_instance" AND
log_id("authlog") |
| Error Host Compute Engine |
resource.type="gce_instance"
protoPayload.serviceName="compute.googleapis.com"
(protoPayload.methodName:"compute.instances.hostError"
OR
operation.producer:"compute.instances.hostError")
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID"
severity=INFO
|
| Peringatan Memori Host Compute Engine |
resource.type="gce_instance" AND
protoPayload.serviceName="compute.googleapis.com" AND
(jsonPayload.methodName:"compute.instances.host_event_notify"
OR
operation.producer:"compute.instances.host_event_notify") AND
log_id("cloudaudit.googleapis.com/host_event_notify") AND
resource.labels.instance_id="INSTANCE_ID" AND
severity=CRITICAL
|
| Host Compute Engine Dimigrasikan |
resource.type="gce_instance"
protoPayload.serviceName="compute.googleapis.com"
(protoPayload.methodName:
"compute.instances.migrateOnHostMaintenance"
OR
operation.producer:
"compute.instances.migrateOnHostMaintenance")
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID"
severity=INFO |
| VM Compute Engine Dihentikan/Di-preempt |
resource.type="gce_instance"
protoPayload.methodName=~"compute\.instances\.(guestTerminate|preempted)"
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID" |
| VM Compute Engine dihentikan karena Kegagalan Pembuatan Disk Sementara |
resource.type="gce_instance"
protoPayload.serviceName="compute.googleapis.com"
(protoPayload.methodName="compute.instances.scratchDiskCreationFailed"
OR
operation.producer:
"compute.instances.scratchDiskCreationFailed)
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID"
severity=INFO |
| Instance VM Compute Engine Dibuat |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.insert"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.request.name="INSTANCE_NAME" |
| Instance VM Compute Engine Dihapus dengan Nama |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.delete"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.resourceName:"INSTANCE_NAME" |
| Instance VM Compute Engine Dihapus dengan ID |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.delete"
log_id("cloudaudit.googleapis.com/activity")
resource.labels.instance_id="INSTANCE_ID" |
| Instance VM Compute Engine Dimulai Ulang |
resource.type="gce_instance"
protoPayload.methodName=~"compute\.instances\.(
stop|reset|automaticRestart|guestTerminate|
instanceManagerHaltForRestart)"
(log_id("cloudaudit.googleapis.com/activity")
OR log_id("cloudaudit.googleapis.com/system_event"))
resource.labels.instance_id="INSTANCE_ID" |
| Kegagalan Integritas Boot VM Shielded Compute Engine |
resource.type="gce_instance"
log_id("compute.googleapis.com/shielded_vm_integrity")
jsonPayload.earlyBootReportEvent.policyEvaluationPassed="false"
resource.labels.instance_id="INSTANCE_ID" |
| Instance VM Compute Engine dihentikan oleh OS Tamu |
resource.type="gce_instance"
protoPayload.serviceName="compute.googleapis.com"
(protoPayload.methodName:"compute.instances.guestTerminate" OR
operation.producer:"compute.instances.guestTerminate")
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID"
severity=INFO |
| File booting VM Shielded Compute Engine diblokir |
resource.type="gce_instance"
log_id("serialconsole.googleapis.com/serial_port_1_output")
textPayload:("Security Violation")
resource.labels.instance_id="INSTANCE_ID" |
| Persistent Disk Dibuat |
resource.type="gce_disk" AND
protoPayload.methodName:"compute.disks.insert" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.resourceName: "PERSISTENT_DISK_NAME" |
| Node yang ditambahkan di Node Tenant Tunggal |
resource.type="gce_node_group"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName=~("compute.nodeGroups.addNodes"
OR "compute.nodeGroups.insert")
resource.labels.node_group_id="NODE_GROUP_ID"
severity="INFO" |
| Peristiwa penskalaan otomatis di Sole Tenant Node |
resource.type="gce_node_group"
log_id("cloudaudit.googleapis.com/system_event")
protoPayload.methodName=~("compute.nodeGroups.deleteNodes"
OR "compute.nodeGroups.addNodes")
resource.labels.node_group_id="NODE_GROUP_ID" |
| Snapshot Manual Diambil |
resource.type="gce_snapshot"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"compute.snapshots.insert"
protoPayload.resourceName:"SNAPSHOT_NAME" |
| Snapshot Terjadwal Diambil |
resource.type="gce_disk"
log_id("cloudaudit.googleapis.com/system_event")
protoPayload.methodName="ScheduledSnapshots"
protoPayload.response.operationType="createSnapshot"
protoPayload.response.targetLink="PERSISTENT_DISK_NAME" |
| Jadwal Snapshot Dibuat |
resource.type="gce_resource_policy"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"compute.resourcePolicies.insert"
protoPayload.request.name="SCHEDULE_NAME" |
| Jadwal Snapshot Terlampir |
resource.type="gce_disk"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"compute.disks.addResourcePolicies"
protoPayload.request.resourcePolicys:"SCHEDULE_NAME"
protoPayload.resourceName:"PERSISTENT_DISK_NAME" |
| Melebihi Kuota |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.insert"
protoPayload.status.message:"QUOTA_EXCEEDED"
severity=ERROR |
| Mengueri instance yang tidak sehat dalam grup instance |
resource.type="gce_instance_group"
resource.labels.instance_group_name="INSTANCE_GROUP_NAME"
jsonPayload.healthCheckProbeResult.healthState="UNHEALTHY" |
| Membuat kueri anggota grup instance dalam jangka waktu dalam format waktu UTC |
resource.type="gce_instance_group_manager"
resource.labels.instance_group_manager_name="INSTANCE_GROUP_NAME"
jsonPayload.@type=
"type.googleapis.com/compute.InstanceGroupManagerEvent"
jsonPayload.instanceHealthStateChange.detailedHealthState="HEALTHY"
timestamp >= START_TIME timestamp <= END_TIME |
| Instance ditambahkan ke Grup Instance |
resource.type="gce_instance_group"
protoPayload.methodName:"compute.instanceGroups.addInstances"
log_id("cloudaudit.googleapis.com/activity")
resource.labels.instance_group_name="INSTANCE_GROUP_NAME" |
| Instance dihapus dari Grup Instance |
resource.type="gce_instance_group"
protoPayload.methodName:"compute.instanceGroups.removeInstances"
log_id("cloudaudit.googleapis.com/activity")
resource.labels.instance_group_name="INSTANCE_GROUP_NAME" |
| Template instance disetel atau diperbarui |
resource.type="gce_instance_group_manager"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName=
"v1.compute.instanceGroupManagers.setInstanceTemplate"
resource.labels.instance_group_manager_name="INSTANCE_GROUP_MANAGER" |
| Aturan firewall dihapus |
resource.type="gce_firewall_rule"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"firewalls.delete" |
| Log firewall |
resource.type="gce_subnetwork"
log_id("compute.googleapis.com/firewall")
jsonPayload.instance.vm_name="INSTANCE_NAME" |
Kueri Google Cloud Observability
| Nama kueri/filter |
Ekspresi |
| Aktivitas sink log |
resource.type="logging_sink" AND
log_id("cloudaudit.googleapis.com/activity") |
| Aktivitas pembuatan atau pembaruan metrik berbasis log |
resource.type="metric" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:(UpdateLogMetric OR CreateLogMetric) |
| Pemeriksaan URL uptime untuk host |
resource.type="uptime_url" AND
resource.labels.host="URL" |
Kueri Identity and Access Management
| Nama kueri/filter |
Ekspresi |
| Log pembuatan akun layanan |
resource.type="service_account" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.iam.admin.v1.CreateServiceAccount" |
| Log kunci pembuatan akun layanan |
resource.type="service_account" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.iam.admin.v1.CreateServiceAccountKey" |
| Menetapkan log kebijakan kontrol akses |
resource.type="project" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="SetIamPolicy" |
| Principal eksternal diberi akses ke organisasi |
resource.type="project" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog" AND
protoPayload.request.@type:"IamPolicy" AND
protoPayload.serviceData.policyDelta.bindingDeltas.member:* AND
NOT protoPayload.serviceData.policyDelta.bindingDeltas.member:"@DOMAIN_NAME.com" |
| Pembuatan, modifikasi, atau penghapusan resource |
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:("create" OR "delete" OR "update") |
| Peran diberikan kepada akun utama |
log_id("cloudaudit.googleapis.com/activity") AND
resource.type="project" AND
protoPayload.serviceName="cloudresourcemanager.googleapis.com" AND
protoPayload.methodName="SetIamPolicy" AND
protoPayload.serviceData.policyDelta.bindingDeltas.action="Add" AND
protoPayload.serviceData.policyDelta.bindingDeltas.member:"EMAIL_ID" |
| Peran dihapus dari principal |
log_id("cloudaudit.googleapis.com/activity") AND
resource.type="project" AND
protoPayload.serviceName="cloudresourcemanager.googleapis.com" AND
protoPayload.methodName="SetIamPolicy" AND
protoPayload.serviceData.policyDelta.bindingDeltas.action="Remove" AND
protoPayload.serviceData.policyDelta.bindingDeltas.member:"EMAIL_ID" |
| Izin diperbarui dalam peran khusus |
log_id("cloudaudit.googleapis.com/activity") AND
resource.type="iam_role" AND
protoPayload.serviceName="iam.googleapis.com" AND
protoPayload.methodName:"UpdateRole" AND
resource.labels.role_name:"ROLE_ID" |
Kueri terkait Kubernetes
Untuk ringkasan dan contoh kueri log audit Aktivitas Admin, lihat yang disediakan di
halaman Logging audit GKE.
Kueri tingkat cluster
| Nama kueri/filter |
Ekspresi |
| Operasi cluster Google Kubernetes Engine |
resource.type="gke_cluster" AND
log_id("cloudaudit.googleapis.com/activity") |
| Pembuatan cluster Google Kubernetes Engine |
resource.type="gke_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.container.v1.ClusterManager.CreateCluster"
|
| Deployment cluster Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"deployments"
|
| Kegagalan autentikasi cluster Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.authenticationInfo.principalEmail="system:anonymous"
|
Operasi dan peristiwa cluster Kubernetes di us-central1-b |
resource.type="k8s_cluster" AND
resource.labels.location="us-central1-b"
|
| Permintaan pod Kubernetes dari pengguna |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"io.k8s.core.v1.pods" AND
protoPayload.authenticationInfo.principalEmail="USER_EMAIL"
|
| Peristiwa Kubernetes |
resource.type="k8s_cluster" AND
log_id("events")
|
| Pembaruan Endpoint Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.request.kind="Endpoints"
|
| Log bidang kontrol Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.serviceName="k8s.io"
|
| Log bidang kontrol Kubernetes Engine |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.serviceName="container.googleapis.com"
|
| Penghapusan pod |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName=~"io\.k8s\.core\.v1\.pods\.(create|delete)"
|
| Log audit pod Kubernetes dari bidang kontrol |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.resourceName="core/v1/namespaces/POD_NAMESPACE/pods/POD_NAME
|
| Penghapusan pod Kubernetes |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="io.k8s.core.v1.pods.eviction.create"
|
| Log audit node Kubernetes dari bidang kontrol |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"io.k8s.core.v1.nodes"
|
| Bidang kontrol cluster Kubernetes untuk Aktivitas Pengelola Add-on |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.authenticationInfo.principalEmail="system:addon-manager"
|
Error bidang kontrol Kubernetes (tidak termasuk Conflict, yang normal) |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.status.message!="Conflict" AND
protoPayload.status.code!=0
|
| Peristiwa Pengontrol Ingress |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="loadbalancer-controller"
|
| Peristiwa Service Controller (kube-controller-manager) |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="service-controller"
|
| Peristiwa Cluster Autoscaler |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="cluster-autoscaler"
|
Kueri tingkat pod
| Nama filter |
Ekspresi |
| Kueri pod selama pembuatan |
resource.type="k8s_pod" AND
resource.labels.pod_name="POD_NAME" AND
log_id("events")
|
| Pod kueri dihentikan karena tekanan resource |
resource.type="k8s_pod" AND
log_id("events") AND
jsonPayload.reason="Evicted"
|
| Acara penjadwal |
resource.type="k8s_pod" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="default-scheduler"
|
| Peristiwa penjadwal (penghentian sementara) |
resource.type="k8s_pod" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="default-scheduler" AND
jsonPayload.reason="Preempted"
|
Kueri tingkat node
| Nama filter |
Ekspresi |
| Acara node |
resource.type="k8s_node" AND
log_id("events")
|
| Melihat log Kube-proxy |
resource.type="k8s_node" AND
log_id("kube-proxy")
|
| Melihat log dockerd |
resource.type="k8s_node" AND
log_id("container-runtime")
|
| Melihat error atau kegagalan kubelet |
resource.type="k8s_node" AND
log_id("kubelet") AND
jsonPayload.MESSAGE:("error" OR "fail")
|
| Melihat log node untuk log sistem GKE |
resource.type = "k8s_node"
logName:( "logs/container-runtime" OR
"logs/docker" OR
"logs/kube-container-runtime-monitor" OR
"logs/kube-logrotate" OR
"logs/kube-node-configuration" OR
"logs/kube-node-installation" OR
"logs/kubelet" OR
"logs/kubelet-monitor" OR
"logs/node-journal" OR
"logs/node-problem-detector")
|
Kueri namespace
| Nama filter |
Ekspresi |
| Log container dan pod untuk log sistem GKE |
resource.type = ("k8s_container" OR "k8s_pod")
resource.labels.namespace_name = (
"cnrm-system" OR
"config-management-system" OR
"gatekeeper-system" OR
"gke-connect" OR
"gke-system" OR
"istio-system" OR
"knative-serving" OR
"monitoring-system" OR
"kube-system")
|
Kueri container
| Nama filter |
Ekspresi |
| Log container Stdout di semua pod dan container dalam cluster |
resource.type="k8s_container" AND
log_id("stdout")
|
| Log error penampung di semua pod dan penampung dalam cluster |
resource.type="k8s_container" AND
log_id("stderr") AND
severity=ERROR
|
| Log error container untuk pod dengan nama tertentu |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
severity=ERROR
|
| Log error container untuk container tertentu di pod tertentu |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
resource.labels.container_name="server" AND
severity=ERROR
|
| Log error container untuk namespace dan container tertentu |
resource.type="k8s_container" AND
resource.labels.namespace_name="istio-system" AND
resource.labels.container_name="egressgateway" AND
severity=ERROR
|
| Log container untuk pod dengan label tertentu |
resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
severity=ERROR
|
| Log error container untuk pod yang berjalan di node tertentu |
resource.type="k8s_container" AND
labels."compute.googleapis.com/resource_name"=NODE_NAME AND
severity=ERROR
|
| Log container untuk pod dengan label yang dibuat menggunakan skaffold |
resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
labels."k8s-pod/skaffold_dev/run-id"=SKAFFOLD_RUN_ID
severity=ERROR
|
Log error penampung untuk pod tertentu yang berisi POST di textPayload |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
textPayload:"POST" AND
severity=ERROR
|
Log error container untuk pod tertentu yang berisi GET dalam JSON terstruktur |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
jsonPayload."http.req.method"="GET" AND
severity=ERROR
|
| Log error container di namespace kube-system |
resource.type="k8s_container" AND
resource.labels.namespace_name="kube-system" AND
severity=ERROR
|
| Error penampung dalam log insight penampung |
resource.type="k8s_container" AND
log_id("clouderrorreporting.googleapis.com/insights")
|
| Log container Kubernetes |
resource.type="k8s_container" AND
resource.labels.container_name="CONTAINER_NAME"
|
Kueri bidang kontrol
Catatan: Log bidang kontrol GKE harus diaktifkan.
| Nama filter |
Ekspresi |
| Log server Kubernetes API |
resource.type="k8s_control_plane_component"
resource.labels.component_name="apiserver"
resource.labels.location="CLUSTER_LOCATION"
resource.labels.cluster_name="CLUSTER_NAME"
|
| Log Kubernetes Scheduler |
resource.type="k8s_control_plane_component"
resource.labels.component_name="scheduler"
resource.labels.location="CLUSTER_LOCATION"
resource.labels.cluster_name="CLUSTER_NAME"
|
| Log Kubernetes Controller Manager |
resource.type="k8s_control_plane_component"
resource.labels.component_name="controller-manager"
resource.labels.location="CLUSTER_LOCATION"
resource.labels.cluster_name="CLUSTER_NAME"
|
Kueri workload TPU
Catatan: Logging sistem dan beban kerja GKE harus diaktifkan.
| Nama filter |
Ekspresi |
| Log container Stdout di semua node TPU dengan awalan yang sama
|
resource.type="k8s_container" AND
labels."compute.googleapis.com/resource_name"=~"TPU_NODE_PREFIX.*" AND
log_id("stdout")
|
| Log error penampung di semua node TPU dengan awalan yang sama
|
resource.type="k8s_container" AND
labels."compute.googleapis.com/resource_name"=~"TPU_NODE_PREFIX.*" AND
log_id("stderr") AND
severity=ERROR
|
| Log container stdout dari Job GKE yang sama
|
resource.type="k8s_container" AND
labels."k8s-pod/batch.kubernetes.io/job-name" = "JOB_NAME" AND
log_id("stdout")
|
| Log error container dari Job GKE yang sama
|
resource.type="k8s_container" AND
labels."k8s-pod/batch.kubernetes.io/job-name"="JOB_NAME" AND
log_id("stderr") AND
severity=ERROR
|
| Log container Stdout dari JobSet GKE yang sama
|
resource.type="k8s_container" AND
labels."k8s-pod/jobset_sigs_k8s_io/jobset-name"="JOBSET_NAME" AND
log_id("stdout")
|
| Log error container dari JobSet GKE yang sama
|
resource.type="k8s_container" AND
labels."k8s-pod/jobset_sigs_k8s_io/jobset-name"="JOBSET_NAME" AND
log_id("stderr") AND
severity=ERROR
|
Kueri aplikasi pihak ketiga
Kueri berikut menggunakan
ID log default
untuk log yang dikumpulkan oleh
agen Logging lama. Jika Anda mengumpulkan log menggunakan Agen Operasional, nama log mungkin dikonfigurasi secara berbeda. Untuk mengetahui informasi selengkapnya tentang Agen Operasional dan log aplikasi, lihat Mengumpulkan log dari aplikasi pihak ketiga.
| Nama kueri/filter |
Ekspresi |
| Log Apache |
resource.type="gce_instance" AND
(logName:"/apache-access" OR logName:"/apache-error") |
| Log Cassandra |
resource.type="gce_instance" AND
log_id("cassandra") |
| Log Chef |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/chef-" |
| Log GitLab |
resource.type="gce_instance"
logName:"projects/PROJECT_ID/logs/gitlab-" |
| Log Jenkins |
resource.type="gce_instance" AND
log_id("jenkins") |
| Log Jetty |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/jetty-" |
| Log Joomla |
resource.type="gce_instance" AND
log_id("joomla") |
| Syslog Linux |
resource.type="gce_instance" AND
log_id("syslog") |
| Log Magneto |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/magneto-" |
| Log MediaWiki |
resource.type="gce_instance" AND
log_id("mediawiki") |
| Log memcached |
resource.type="gce_instance" AND
log_id("memcached") |
| Log MongoDB |
resource.type="gce_instance" AND
log_id("mongodb") |
| Log MySQL |
resource.type="gce_instance" AND
log_id("mysql") |
| Log Nginx |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/nginx-" |
| Log PostgreSQL |
resource.type="gce_instance" AND
log_id("postgresql") |
| Log Puppet |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/puppet-" |
| Log RabbitMQ |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/rabbitmq-" |
| Log Redmine |
resource.type="gce_instance" AND
log_id("redmine") |
| Log garam |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/salt-" |
| Kueri MySQL lambat |
resource.type="gce_instance" AND
log_id("mysql-slow") |
| Log Solr |
resource.type="gce_instance" AND
log_id("solr") |
| Log SugarCRM |
resource.type="gce_instance" AND
log_id("sugarcrm") |
| Log Tomcat |
resource.type="gce_instance" AND
log_id("tomcat") |
| Log Zookeeper |
resource.type="gce_instance" AND
log_id("zookeeper") |
Kueri terkait jaringan
| Nama kueri/filter |
Ekspresi |
| Firewall - semua log |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") |
| Log firewall untuk negara tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
jsonPayload.remote_location.country=COUNTRY_ISO_ALPHA_3 |
| Log firewall dari VM |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
jsonPayload.instance.vm_name="INSTANCE_NAME" |
| Log subnet firewall |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
resource.labels.subnetwork_name="SUBNET_NAME" |
| Log traffic subnetwork Compute Engine ke subnet |
resource.type="gce_subnetwork" AND
ip_in_net(jsonPayload.connection.dest_ip, "SUBNET_IP") |
| Log Aliran VPC |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") |
| Log Aliran VPC untuk port dan protokol tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
jsonPayload.connection.src_port="PORT_ID" AND
jsonPayload.connection.protocol="PROTOCOL" |
| Log Aliran VPC untuk subnet tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
resource.labels.subnetwork_name"=SUBNET_NAME" |
| Log Aliran VPC untuk awalan subnet tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
ip_in_net(jsonPayload.connection.dest_ip,SUBNET_IP) |
| Log Aliran VPC untuk VM tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
jsonPayload.src_instance.vm_name="VM_NAME" |
| Log gateway VPN |
resource.type="vpn_gateway" AND
resource.labels.gateway_id="GATEWAY_ID" |
| Error 5xx Load Balancer HTTP |
resource.type="http_load_balancer" AND
httpRequest.status>=500 |
| Permintaan Load Balancer HTTP ke PHPMyAdmin |
resource.type="http_load_balancer" AND
httpRequest.request_url:"phpmyadmin" |
Kueri keamanan
| Nama kueri/filter |
Ekspresi |
| Log audit—semua |
logName:"cloudaudit.googleapis.com" |
| Log audit - Transparansi Akses (AXT) |
log_id("cloudaudit.googleapis.com/access_transparency") |
| Log audit - Aktivitas Admin |
log_id("cloudaudit.googleapis.com/activity") |
| Log audit - Akses Data |
log_id("cloudaudit.googleapis.com/data_access") |
| Log audit - Peristiwa Sistem |
log_id("cloudaudit.googleapis.com/system_event") |
Pemecahan masalah
Untuk mengetahui petunjuk tentang cara memecahkan masalah umum saat menggunakan
Logs Explorer, lihat
Menggunakan Logs Explorer: Pemecahan masalah.
Langkah berikutnya
Untuk mengetahui informasi selengkapnya tentang sintaksis kueri, yang dapat Anda gunakan untuk menyesuaikan kueri ini, lihat Bahasa kueri logging.
Untuk mengetahui informasi selengkapnya tentang pembuatan kueri di konsol Google Cloud , lihat
Membuat kueri menggunakan bahasa kueri Logging.
