Basic logs queries

This guide shows you how to query log entries by label or text search in the Logs Viewer basic query interface.

For more advanced logs querying options, see Advanced logs queries.

To export your log entries, see Exporting logs. To read log entries through the API, see entries.list. To read log entries using the SDK, see Reading log entries.

Getting started with basic queries

Go to the Stackdriver Logging > Logs (Logs Viewer) page in the GCP Console:

Go to the Logs Viewer page
Select an existing Google Cloud Platform project at the top of the page, or create a new project.
Using the drop-down menu , select the resource whose logs you want to view.

The following screenshot shows the basic logs queries interface. Four log entries from an App Engine application are shown. The second entry has been expanded by clicking its expander arrow

The user interface showing the basic logs queries options.

The basic query interface has the following major components—indicated by red numbers in the screenshot—some of which are shared with the advanced query interface:

The window tabs let you choose Logs (Logs Viewer), Metrics (see Logs-based metrics), Exports (see Exporting logs), and Logs ingestion (see Logs exclusions).
The search-query box in the basic logs query interface lets you query log entries by label or text search. The basic query interface is shown, and the drop-down menu lets you switch to the advanced query interface or get a link to your query. Log queries are labelled as "filters" in the user interface, since they let you select a particular set of log entries.
The basic selector menus lets you choose resources, logs, and severity levels to display:
- Resources: The resources available in your current project.
- Logs: The log types available for the current resources in your project.
- Log severity: The log severity levels.
The time-range selector drop-down menus let you query for specific dates and times in the logs.
The streaming selector, at the top of the page, controls whether new log entries are displayed as they arrive.
The log-entry table contains the log entries available according to your current queries and custom fields.
The expander arrow in front of each log entry lets you look at the full contents of the entry. For more information, go to expand log entries on this page.
The View Options menu has additional display options.
The Download logs menu lets you download a set of log entries.
The More options displayed with each log entry let you place a pin on the log entry, show the log entry in its resource context, and copy a URL for the log entry to the clipboard.

Lastly, the Logs Viewer uses the cursor position to highlight the associated log entry and to place a push pin (📌) symbol next to the More options.

Basic searches

In the basic query interface, enter your text in the search-query box and select ENTER. The search returns all log entries that include your search term(s) anywhere, in any field (except timestamp), and in any letter case. The word text: that the Logs Viewer adds before your search term(s) indicates that this is an "all fields" search.

Following are some common searches, and some that don't do what you expect.

Common basic search examples

Unicorn (text:Unicorn): Finds all log entries containing unicorn, in any field and in any letter case.

Note: As you begin typing 'Unicorn', a list of log entry field names might pop up. Ignore them for now; they are discussed in Searching specific fields on this page.
unicorn phoenix (text:unicorn text:phoenix): Finds all log entries containing unicorn or phoenix, in the same or different field(s). If you want log entries that contain both terms, use the advanced query interface.
"unicorn phoenix" (text:"unicorn phoenix"): Finds all log entries containing unicorn and phoenix in the same field, in any letter case, separated by exactly one space. The basic logs queries interface does not support searching for "unicorn and phoenix" anywhere in the same field, but the advanced query interface does.
-unicorn (-text:unicorn): Finds all log entries containing unicorn in any field and in any letter case, and excludes them from your displayed entries. The basic logs queries interface does not support searching for "-unicorn and -phoenix" in the same or different field(s), but the advanced logs query interface does.
2345 (text:2345): Finds all log entries containing the string 2345. Numbers within log entries are generally represented as strings, so this matches, for example, 123456.

Searches that don't do what you expect

uni* (text:uni*): This is not a wildcard search. This search finds all log entries containing the 4-character string "uni*". The Logs Viewer does not support regular expression searches and there are no special wildcard characters such as * or ?, in either the basic or advanced query interfaces.
2017-02-05 (text:2017-02-05): This does not match log entry timestamps. This search finds all log entries containing the string 2017-02-05 in any field except timestamp. If your log entries contain date strings in their payload or in other fields, then you can search for them. You can also use the Jump to date menu. The advanced logs queries interface lets you use searches that specify a range of timestamps.
200..299 (text:200..299): This does not match 250. The basic query interface search finds log entries containing the 8-character string "200..299". This range notation is only allowed in searches restricted to integer fields. Go to Searching specific fields on this page.
unicorn NOT phoenix (text:unicorn text:NOT text:phoenix)
unicorn OR phoenix (text:unicorn text:OR text:phoenix): These are not Boolean text searches, as including Boolean operators (AND, OR, NOT or AND NOT) is not supported for text searches in the basic logs query. If you include multiple text search terms, the terms are implicitly connected by or. In lieu of the Boolean NOT operator, you can use the - (minus) operator. For details, see Common basic search examples on this page.

Searching specific fields

You can restrict your search to a specific field by adding the field name and a colon in front of your search terms. The field name replaces text: in all-field searches. As you type in the search-query box, you see a list of matching fields:

The search-query box showing matching fields.

In the following examples, status: is the integer HTTP status code and path: is the HTTP path in the request:

path:query: Finds log entries whose HTTP path contains query in any letter case; for example, /query or /App/Query/17.
path:*: Finds log entries that have a path field. This is a special use of the asterisk (*) character; it is not generally treated as a special character.
status:200: View log entries with a status of (exactly) 200. The search doesn't match, for example, a status of 2000. Since status is known to be an integer field, the comparison is numeric.
status:abc: Illegal, because status is known to contain an integer.
status:400..499: Finds log entries with an HTTP status of 400 through 499. Ranges are only available for fields known to contain integers. If you use a range for other fields, the range is interpreted as a single string containing . characters.
path:query unicorn: Finds log entries whose path fields contain query and that contain unicorn in any field. Because unicorn is not preceded by a field name, it is as if you wrote text:unicorn. When you include search terms for different fields, or for fields and text:, the terms are implicitly connected with and.
path:query path:status: Finds log entries whose path field contains query or status. When you include multiple search terms for the same field, the terms are implicitly connected with or.
path:query status:200 path:status status:500..502: Finds log entries that have paths containing query or status, and that have status values of 200, 500, 501, or 502. In other words, or binds more tightly than and, and the order of search terms does not matter.

Troubleshooting

If you are not sure why your search is not working in the basic logs queries interface, briefly switch to the advanced query interface:

Select Convert to advanced filter using the drop-down menu in the search-query box.
Look at the search-query box to see if it is what you intended.
Return to the basic query interface by using the browser's Back button. Selecting this option returns you to your previous selections in the basic query interface.
If you identified unintended queries in step 2, you can change or clear them in the search-query box, the basic selector menu, or time-range selector menu.

Here are some other reasons you might not see all the log entries you expect:

You cannot see log entries that are older than the Logging retention period. See Logs retention periods for the logs retention period in effect.
During periods of heavy load there could be delays in sending logs to Logging or in receiving and displaying the logs.
The Logs Viewer does not show log entries that have timestamps in the future until the current time has "caught up" with them. This is an unusual situation, probably caused by a time skew in the application sending the logs.

このページは役立ちましたか？評価をお願いいたします。

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

最終更新日: 9月 27, 2019