進階篩選器程式庫

本頁面提供建議使用的篩選器,幫助您輕鬆找到重要記錄。所有列出的篩選器可在記錄檢視器Stackdriver Logging API指令列介面中使用,不過本頁面著重於介紹如何在記錄檢視器中使用篩選器。

進階記錄篩選器是布林運算式,用於指定專案的所有記錄項目子集。您可以使用這些篩選器選擇特定記錄或記錄服務中的記錄項目,或是選擇滿足中繼資料或使用者定義欄位上之條件的記錄項目。如須深入瞭解進階篩選功能,請參閱進階記錄篩選器一文。

開始使用進階篩選器

本頁面所示的篩選器專門用於記錄檢視器的進階篩選器介面。

如要前往記錄檢視器的進階篩選器介面,請執行下列步驟:

  1. 前往 GCP 主控台的「Stackdriver Logging」>「Logs」(記錄) (「Logs Viewer」(記錄檢視器)) 頁面:

    前往「Logs Viewer」(記錄檢視器) 頁面

  2. 選取頁面頂端的 GCP 專案。

  3. 按一下搜尋篩選器方塊最右側的下拉式箭頭 (▾),然後選取 [Convert to advanced filter] (轉換為進階篩選器)

    轉換為進階記錄篩選器

    畫面上會顯示進階記錄篩選器介面。

使用篩選器

如要使用下表中的任一篩選器,請按一下任一運算式列結尾的剪貼簿圖示複製該運算式,接著將複製的運算式貼入進階篩選器介面的搜尋篩選器方塊:

進階篩選器搜尋框

符合篩選器的記錄會列於搜尋篩選器方塊下方。

下列部分篩選器包含的變數 (以方括號 [] 指示) 應替換為有效的值。如果篩選器包含 logName,則您提供的 [PROJECT_ID] 必須參照目前所選的 GCP 專案,否則篩選器會無法運作。詳情請參閱疑難排解一節。

編寫時間戳記篩選器時,您必須在搜尋篩選器方塊下方的時間範圍選取器中選取 [No Limit] (無限制)。

以下各節依 Google Cloud Platform 服務將篩選器分組。

App Engine 篩選器

篩選器名稱 運算式
跨年當天的 App Engine 記錄 (以世界標準時間表示)

resource.type="gae_app" AND
severity>=ERROR AND
timestamp>="2018-12-31T00:00:00Z" AND timestamp<="2019-01-01T00:00:00Z" 
發生伺服器錯誤的 App Engine 要求記錄

resource.type="gae_app" AND
log_name="projects/[PROJECT_ID]/logs/appengine.googleapis.com%2Frequest_log" AND
http_request.status>=500 
取樣的 HTTP 錯誤記錄

resource.type="gae_app" AND
proto_payload.status >= 400 AND
sample(insertId, 0.1) 
App Engine 追蹤項目 ID 搜尋

resource.type="gae_app" AND
trace="projects/[PROJECT_ID]/traces/[TRACE_ID]" 

BigQuery 篩選器

篩選器名稱 運算式
BigQuery 稽核記錄

resource.type="bigquery_resource" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com" 
BigQuery 資料移轉服務工作

resource.type="bigquery_resource" AND
proto_payload.request_metadata.caller_supplied_user_agent="BigQuery Data Transfer Service" AND
proto_payload.method_name="jobservice.insert" 
BigQuery 資料集更新

resource.type="bigquery_resource" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="datasetservice.update" 
已完成的 BigQuery 工作

resource.type="bigquery_resource" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Fdata_access" AND
proto_payload.method_name="jobservice.jobcompleted" 
BigQuery 大量查詢

resource.type="bigquery_resource" AND
proto_payload.method_name="jobservice.jobcompleted" AND
proto_payload.service_data.job_completed_event.job.job_statistics.total_billed_bytes>1073741824 
已超過的 BigQuery 配額

resource.type="bigquery_resource" AND
proto_payload.status.code=8 AND
severity>=WARNING 
已開始的 BigQuery 查詢

resource.type="bigquery_resource" AND
proto_payload.method_name="jobservice.insert" 

Cloud Dataflow 篩選器

篩選器名稱 運算式
Dataflow 工作站的錯誤與警告

resource.type="dataflow_step" AND
log_name="projects/[PROJECT_ID]/logs/dataflow.googleapis.com%2Fworker" AND
severity>=WARNING 

Cloud Dataproc 篩選器

篩選器名稱 運算式
Dataproc Apache Hadoop 記錄

resource.type="cloud_dataproc_cluster" AND
json_payload.class:"org.apache.hadoop.mapreduce" 

Cloud Deployment Manager

篩選器名稱 運算式
Deployment Manager 錯誤

resource.type="deployment" AND
severity>=ERROR 

Cloud Functions 篩選器

篩選器名稱 運算式
Cloud 函式錯誤

resource.type="cloud_function" AND
log_name="projects/[PROJECT_ID]/logs/cloudfunctions.googleapis.com%2Fcloud-functions" AND
severity>=ERROR 

Cloud Identity and Access Management 篩選器

篩選器名稱 運算式
服務帳戶建立記錄

resource.type="service_account" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="google.iam.admin.v1.CreateServiceAccount" 
服務帳戶建立金鑰記錄

resource.type="service_account" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="google.iam.admin.v1.CreateServiceAccountKey" 
存取權控管政策設定記錄

resource.type="project" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="SetIamPolicy" 

Cloud Source Repositories 篩選器

篩選器名稱 運算式
Cloud Source Repositories 存放區記錄

resource.type="csr_repository" AND
resource.labels.name="[REPOSITORY_NAME]"

Cloud Spanner 篩選器

篩選器名稱 運算式
特定 Spanner 執行個體的 Cloud Spanner 記錄

resource.type="spanner_instance" AND
resource.labels.instance_id="[SPANNER_INSTANCE]"

Cloud SQL 篩選器

篩選器名稱 運算式
Cloud SQL 資料庫

resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]"
Cloud SQL MySQL 錯誤記錄

resource.type="cloudsql_database" AND
log_name="projects/[PROJECT_ID]/logs/cloudsql.googleapis.com%2Fmysql.err"
Cloud SQL MySQL 資料庫

resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_name="projects/[PROJECT_ID]/logs/cloudsql.googleapis.com%2Fmysql"
Cloud SQL Postgres 資料庫

resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_name="projects/[PROJECT_ID]/logs/cloudsql.googleapis.com%2Fpostgres.log"

Compute Engine 篩選器

篩選器名稱 運算式
Google Compute Engine 管理員活動記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"
Google Compute Engine 防火牆規則刪除

resource.type="gce_firewall_rule" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name:"firewalls.delete" 
Google Compute Engine 舊版活動記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Factivity_log" 
Google Compute Engine VM 系統記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/syslog" 

Cloud Storage 篩選器

篩選器名稱 運算式
GCS 值區記錄

resource.type="gcs_bucket" AND
resource.labels.bucket_name="[BUCKET_NAME]"
GCS 值區稽核記錄

resource.type="gcs_bucket" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com" 
GCS 值區建立記錄

resource.type="gcs_bucket" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="storage.buckets.create" 
GCS 值區刪除記錄

resource.type="gcs_bucket" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="storage.buckets.delete" 

Cloud Tasks 篩選器

篩選器名稱 運算式
Cloud Tasks 佇列記錄

resource.type="cloud_tasks_queue" AND
resource.labels.queue_id="[QUEUE_ID]"

記錄代理程式應用程式篩選器

篩選器名稱 運算式
Apache 記錄

resource.type="gce_instance" AND
(log_name:"/apache-access" OR log_name:"/apache-error")
Cassandra 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/cassandra"
Chef 記錄

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/chef-"
Gitlab 記錄

resource.type="gce_instance"
log_name:"projects/[PROJECT_ID]/logs/gitlab-" 
Jenkins 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/jenkins"
Jetty 記錄

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/jetty-"
Joomla 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/joomla"
Linux 系統記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/syslog"
Magneto 記錄

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/magneto-"
Mediawiki 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mediawiki"
Memcached 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/memcached"
MongoDB 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mongodb"
MySQL 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mysql"
Nginx 記錄

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/nginx-"
Postgresql 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/postgresql"
Puppet 記錄

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/puppet-"
RabbitMQ 記錄

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/rabbitmq-"
Redmine 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/redmine"
Salt 記錄

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/salt-"
MySQL 查詢緩慢記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mysql-slow"
Solr 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/solr"
SugarCRM 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/sugarcrm"
Tomcat 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/tomcat"
Zookeeper 記錄

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/zookeeper"

Networking 篩選器

篩選器名稱 運算式
所有防火牆記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall"
各國家/地區的防火牆記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall" AND
json_payload.remote_location.country=[COUNTRY_ISO_ALPHA_3]
各 VM 的防火牆記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall" AND
json_payload.instance.vm_name="[INSTANCE_NAME]"
防火牆子網路記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall" AND
resource.labels.subnetwork_name="[SUBNET_NAME]"
傳送至子網路的 Compute Engine 子網路流量記錄

resource.type="gce_subnetwork" AND
ip_in_net(json_payload.connection.dest_ip, "[SUBNET_IP]")
虛擬私人雲端流程記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows"
特定通訊埠和通訊協定的虛擬私人雲端流程記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
json_payload.connection.src_port="[PORT_ID]" AND
json_payload.connection.protocol="[PROTOCOL]"
特定子網路的虛擬私人雲端流程記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
resource.labels.subnetwork_name"=[SUBNET_NAME]"
特定子網路前置字串的虛擬私人雲端流程記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
ip_in_net(json_payload.connection.dest_ip,[SUBNET_NAME])
特定 VM 的虛擬私人雲端流程記錄

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
json_payload.src_instance.vm_name="[VM_NAME]"
VPN 閘道記錄

resource.type="vpn_gateway" AND
resource.labels.gateway_id="[GATEWAY_ID]"
HTTP 負載平衡器 5xx 錯誤

resource.type="http_load_balancer" AND
http_request.status>=500
HTTP 負載平衡器對 PHPMyAdmin 發出的要求

resource.type="http_load_balancer" AND
http_request.request_url:"phpmyadmin"

安全性記錄篩選器

篩選器名稱 運算式
所有稽核記錄

log_name:"projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com"
資料存取透明化控管機制 (AXT) 稽核記錄

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Faccess_transparency"
管理員活動稽核記錄

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"
資料存取稽核記錄

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Fdata_access"
系統事件稽核記錄

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Fsystem_event"

Stackdriver 篩選器

篩選器名稱 運算式
記錄接收器活動

resource.type="logging_sink" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"
記錄指標建立或更新活動

resource.type="metric" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name:(UpdateLogMetric OR CreateLogMetric)
主機的運作時間網址檢查

resource.type="uptime_url" AND
resource.labels.host="[URL]"

疑難排解

如要深入瞭解進階篩選器語法和疑難排解操作說明,請參閱進階記錄篩選器一文。

後續步驟

如要深入瞭解進階篩選功能並自訂篩選器,請參閱進階記錄篩選器一文。

本頁內容對您是否有任何幫助?請提供意見:

傳送您對下列選項的寶貴意見...

這個網頁
Stackdriver Logging
需要協助嗎?請前往我們的支援網頁