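This page provides suggested queries so that you can more easily find important logs using the Logs Explorer in the Google Cloud Console.
All of the listed queries can be applied in the Logs Explorer, the Logging API, or the command-line interface, but this page focuses on using queries in the Logs Explorer.
The Logs Explorer uses Boolean expressions to specify a subset of the log entries in your project. You can use these queries to select log entries from a specific log or log service, or log entries that satisfy conditions on metadata or user-defined fields. For details on how to query, go to Building queries in the Logs Explorer.
Getting started
To go to the Logs Explorer, do the following:
Go to the Google Cloud navigation menu, then select Logging > Logs Explorer:
Go to the Logs Explorer
Select a Cloud project.
From the Upgrade menu, switch from the Legacy Logs Viewer to the Logs Explorer.
You are now in the Logs Explorer.
Using the sample queries
To apply a query from the tables below, copy the expression by clicking the clipboard icon at the end of any expression line, then paste the copied expression into the query editor:
After entering the expression, click Run query. Logs that match the query are listed under Query results.
Some of the queries listed later on this page include variables (shown in square brackets []) that you should replace with valid values. For example, if a query includes logName, the [PROJECT_ID] you provide must refer to the currently selected Google Cloud project; otherwise, the query won't work. For details, see Troubleshooting.
If your query has a timestamp, the time-range selector is disabled and the query uses the timestamp expression as its time-range restriction. If the query doesn't use a timestamp expression, it uses the time-range selector as its time-range restriction.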
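Tip: You can use the log_id function for queries that take a log_name expression. For example, the expression log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Fdata_access" is the same as log_id("cloudaudit.googleapis.com/data_access"). For details about the log_id function, see the "Functions" section of the Logging query language page.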
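The placeholder and log_id rules above, as an added example (not code from this page or from Google): a Python helper that fills the bracketed placeholders, refuses to emit a query with any left unfilled, and converts between a log ID and the full log_name. The function names, the sample values, and the backslash escaping of quotes inside substituted values are assumptions of this example.

```python
import re
from urllib.parse import quote, unquote

# Placeholders on this page look like [PROJECT_ID]: upper-case names in brackets.
PLACEHOLDER = re.compile(r"\[\s*([A-Z][A-Z0-9_]*)\s*\]")


def escape_string(value: str) -> str:
    """Escape a value for use inside a double-quoted query string (assumed rule)."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def inside_quotes(text: str, pos: int) -> bool:
    """True if pos falls inside a double-quoted string literal of text."""
    in_string, i = False, 0
    while i < pos:
        if text[i] == "\\" and in_string:
            i += 1  # skip the escaped character
        elif text[i] == '"':
            in_string = not in_string
        i += 1
    return in_string


def fill_placeholders(template: str, values: dict) -> str:
    """Substitute every [NAME]; fail loudly if any value is missing."""
    needed = {m.group(1) for m in PLACEHOLDER.finditer(template)}
    missing = sorted(needed - set(values))
    if missing:
        raise KeyError("unfilled placeholders: " + ", ".join(missing))

    def substitute(match):
        escaped = escape_string(str(values[match.group(1)]))
        # A bare placeholder (not already quoted in the template) gets quotes.
        if inside_quotes(template, match.start()):
            return escaped
        return '"' + escaped + '"'

    return PLACEHOLDER.sub(substitute, template)


def log_name_filter(project_id: str, log_id: str) -> str:
    """Long form that log_id("...") abbreviates: the log ID is URL-encoded."""
    encoded = quote(log_id, safe="")
    return 'log_name="projects/' + escape_string(project_id) + "/logs/" + encoded + '"'


def log_id_from_name(log_name: str) -> str:
    """Recover the log ID from a full project log name."""
    match = re.fullmatch(r"projects/[^/]+/logs/([^/]+)", log_name)
    if match is None:
        raise ValueError("not a project log name: " + repr(log_name))
    return unquote(match.group(1))
```

Escaping matters when the substituted value comes from outside the analyst's control (a VM name, a user e-mail): an unescaped quote would end the string early and change what the query selects.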
The following sections group queries by Google Cloud service.
App Engine queries
Query/filter name
Expression
App Engine logs from New Year's Eve (in Coordinated Universal Time (UTC))
resource.type="gae_app" AND
severity>=ERROR AND
timestamp>="2018-12-31T00:00:00Z" AND timestamp<="2019-01-01T00:00:00Z"
App Engine request logs with server errors
resource.type="gae_app" AND
log_id("appengine.googleapis.com/request_log") AND
httpRequest.status>=500
Sampled HTTP error logs
resource.type="gae_app" AND
protoPayload.status>=400 AND
sample(insertId, 0.1)
Search for an App Engine trace ID
resource.type="gae_app" AND
trace="projects/[PROJECT_ID]/traces/[TRACE_ID]"
BigQuery queries
Query/filter name
Expression
BigQuery audit logs
resource.type=("bigquery_dataset" OR "bigquery_project") AND
logName:"cloudaudit.googleapis.com"
BigQuery audit logs for projects
resource.type="bigquery_project" AND
logName:"cloudaudit.googleapis.com"
BigQuery audit logs for datasets
resource.type="bigquery_dataset" AND
logName:"cloudaudit.googleapis.com"
BigQuery audit logs for BI Engine models
resource.type="bigquery_biengine_model" AND
logName:"cloudaudit.googleapis.com"
BigQuery audit logs for Data Transfer Service runs
resource.type="bigquery_dts_run" AND
logName:"cloudaudit.googleapis.com"
BigQuery audit logs for Data Transfer Service configurations
resource.type="bigquery_dts_config" AND
logName:"cloudaudit.googleapis.com"
BigQuery Data Transfer Service jobs
resource.type=("bigquery_project") AND
protoPayload.requestMetadata.callerSuppliedUserAgent="BigQuery Data Transfer Service" AND
protoPayload.methodName=("google.cloud.bigquery.v2.JobService.InsertJob" OR "google.cloud.bigquery.v2.JobService.Query")
BigQuery dataset updates
resource.type="bigquery_dataset" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.cloud.bigquery.v2.DatasetService.UpdateDataset"
Completed BigQuery jobs
resource.type="bigquery_project" AND
log_id("cloudaudit.googleapis.com/data_access") AND
protoPayload.methodName=("google.cloud.bigquery.v2.JobService.InsertJob" OR "google.cloud.bigquery.v2.JobService.Query")
BigQuery large queries
resource.type="bigquery_project" AND
protoPayload.metadata.jobChange.job.jobStats.queryStats.totalBilledBytes>1073741824
BigQuery quota exceeded
resource.type=("bigquery_dataset" OR "bigquery_project") AND
protoPayload.status.code=8 AND
severity>=WARNING
BigQuery query started
resource.type="bigquery_project" AND
protoPayload.metadata.jobInsertion.reason:*
Dataflow queries
Query/filter name
Expression
Errors and warnings in Dataflow workers
resource.type="dataflow_step" AND
log_id("dataflow.googleapis.com/worker") AND
severity>=WARNING
Dataproc queries
Query/filter name
Expression
Dataproc Apache Hadoop logs
resource.type="cloud_dataproc_cluster" AND
jsonPayload.class:"org.apache.hadoop.mapreduce"
Cloud Deployment Manager
Query/filter name
Expression
Deployment Manager errors
resource.type="deployment" AND
severity>=ERROR
Cloud Functions queries
Query/filter name
Expression
Cloud Functions function errors
resource.type="cloud_function" AND
log_id("cloudfunctions.googleapis.com/cloud-functions") AND
severity>=ERROR
Identity and Access Management queries
Query/filter name
Expression
Service account creation logs
resource.type="service_account" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.iam.admin.v1.CreateServiceAccount"
Service account key creation logs
resource.type="service_account" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.iam.admin.v1.CreateServiceAccountKey"
Set access control policy logs
resource.type="project" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="SetIamPolicy"
External principals granted access to the organization
resource.type="project" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog" AND
protoPayload.request.@type:"IamPolicy" AND
protoPayload.serviceData.policyDelta.bindingDeltas.member:* AND
NOT protoPayload.serviceData.policyDelta.bindingDeltas.member:"@[DOMAIN_NAME].com"
Creating, modifying, or deleting resources
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:("create" OR "delete" OR "update")
Cloud Source Repositories queries
Query/filter name
Expression
Cloud Source Repository logs
resource.type="csr_repository" AND
resource.labels.name="[REPOSITORY_NAME]"
Cloud Spanner queries
Query/filter name
Expression
Cloud Spanner logs for a specific Spanner instance
resource.type="spanner_instance" AND
resource.labels.instance_id="[SPANNER_INSTANCE]"
Cloud SQL queries
Query/filter name
Expression
Cloud SQL audit logs
resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_id("cloudaudit.googleapis.com/activity")
Cloud SQL MySQL error logs
resource.type="cloudsql_database" AND
log_id("cloudsql.googleapis.com/mysql.err")
Cloud SQL MySQL-based databases
resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_id("cloudsql.googleapis.com/mysql")
Cloud SQL Postgres-based databases
resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_id("cloudsql.googleapis.com/postgres.log")
Cloud SQL SQL Server error logs
resource.type="cloudsql_database" AND
log_id("cloudsql.googleapis.com/sqlserver.err")
Cloud SQL SQL Server-based databases
resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_id("cloudsql.googleapis.com/sqlagent.out")
Compute Engine queries
Query/filter name
Expression
Google Compute Engine Admin Activity logs
resource.type="gce_instance" AND
log_id("cloudaudit.googleapis.com/activity")
Google Compute Engine firewall rule deletion
resource.type="gce_firewall_rule" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"firewalls.delete"
Google Compute Engine VM system logs
resource.type="gce_instance" AND
log_id("syslog")
Cloud Storage queries
Query/filter name
Expression
GCS bucket logs
resource.type="gcs_bucket" AND
resource.labels.bucket_name="[BUCKET_NAME]"
GCS bucket audit logs
resource.type="gcs_bucket" AND
logName:"cloudaudit.googleapis.com"
GCS bucket creation logs
resource.type="gcs_bucket" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.method_name="storage.buckets.create"
GCS bucket deletion logs
resource.type="gcs_bucket" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.method_name="storage.buckets.delete"
Cloud Tasks queries
Query/filter name
Expression
Cloud Tasks queue logs
resource.type="cloud_tasks_queue" AND
resource.labels.queue_id="[QUEUE_ID]"
Kubernetes-related queries
For an overview and examples of Admin Activity audit log queries, see the GKE audit logging page.
Cluster-level queries
Query/filter name
Expression
Google Kubernetes Engine cluster operations
resource.type="gke_cluster" AND
log_id("cloudaudit.googleapis.com/activity")
Google Kubernetes Engine cluster creation
resource.type="gke_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.container.v1.ClusterManager.CreateCluster"
Kubernetes cluster deployments
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"deployments"
Kubernetes cluster authentication failures
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.authenticationInfo.principalEmail="system:anonymous"
Kubernetes cluster operations and events in us-central1-b
resource.type="k8s_cluster" AND
resource.labels.location="us-central1-b"
Kubernetes pod requests from a user
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"io.k8s.core.v1.pods" AND
protoPayload.authenticationInfo.principalEmail="[USER_EMAIL]"
Kubernetes events
resource.type="k8s_cluster" AND
log_id("events")
Kubernetes endpoint updates
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.request.kind="Endpoints"
Kubernetes control plane logs
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.serviceName="k8s.io"
Kubernetes Engine control plane logs
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.serviceName="container.googleapis.com"
Pod deletion
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName=~"io\.k8s\.core\.v1\.pods\.(create|delete)"
Kubernetes pod audit logs from the control plane
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.resourceName="core/v1/namespaces/POD_NAMESPACE/pods/POD_NAME"
Kubernetes pod evictions
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="io.k8s.core.v1.pods.eviction.create"
Kubernetes node audit logs from the control plane
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"io.k8s.core.v1.nodes"
Kubernetes cluster control plane for addon manager activity
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.authenticationInfo.principalEmail="system:addon-manager"
Kubernetes control plane errors (excluding Conflict, which is normal)
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.status.message!="Conflict" AND
protoPayload.status.code!=0
Ingress controller events
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="loadbalancer-controller"
Service controller events (kube-controller-manager)
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="service-controller"
Cluster autoscaler events
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="cluster-autoscaler"
Pod-level queries
Filter name
Expression
Query pods during creation
resource.type="k8s_pod" AND
resource.labels.pod_name="POD_NAME" AND
log_id("events")
Scheduler events
resource.type="k8s_pod" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="default-scheduler"
Scheduler events (preemption)
resource.type="k8s_pod" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="default-scheduler" AND
jsonPayload.reason="Preempted"
Node-level queries
Filter name
Expression
Node events
resource.type="k8s_node" AND
log_id("events")
View kube-proxy logs
resource.type="k8s_node" AND
log_id("kube-proxy")
View dockerd logs
resource.type="k8s_node" AND
log_id("container-runtime")
View kubelet errors or failures
resource.type="k8s_node" AND
log_id("kubelet") AND
jsonPayload.MESSAGE:("error" OR "fail")
View node logs for GKE system logs
resource.type="k8s_node" AND
logName:("logs/container-runtime" OR
"logs/docker" OR
"logs/kube-container-runtime-monitor" OR
"logs/kube-logrotate" OR
"logs/kube-node-configuration" OR
"logs/kube-node-installation" OR
"logs/kubelet" OR
"logs/kubelet-monitor" OR
"logs/node-journal" OR
"logs/node-problem-detector")
Namespace queries
Filter name
Expression
Container and pod logs for GKE system logs
resource.type=("k8s_container" OR "k8s_pod") AND
resource.labels.namespace_name=(
"cnrm-system" OR
"config-management-system" OR
"gatekeeper-system" OR
"gke-connect" OR
"gke-system" OR
"istio-system" OR
"knative-serving" OR
"monitoring-system" OR
"kube-system")
Container queries
Filter name
Expression
stdout container logs in all pods and containers in the cluster
resource.type="k8s_container" AND
log_id("stdout")
Container error logs in all pods and containers in the cluster
resource.type="k8s_container" AND
log_id("stderr") AND
severity=ERROR
Container error logs for a pod with a specific name
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
severity=ERROR
Container error logs for a specific container in a specific pod
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
resource.labels.container_name="server" AND
severity=ERROR
Container error logs for a specific namespace and container
resource.type="k8s_container" AND
resource.labels.namespace_name="istio-system" AND
resource.labels.container_name="egressgateway" AND
severity=ERROR
Container logs for pods with a specific label
resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
severity=ERROR
Container error logs for pods running on a specific node
resource.type="k8s_container" AND
labels."compute.googleapis.com/resource_name"=[NODE_NAME] AND
severity=ERROR
Container logs for a pod that has labels generated using skaffold
resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
labels."k8s-pod/skaffold_dev/run-id"=[SKAFFOLD_RUN_ID] AND
severity=ERROR
Container error logs for a specific pod with POST in textPayload
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
textPayload:"POST" AND
severity=ERROR
Container error logs for a specific pod with GET in structured JSON
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
jsonPayload."http.req.method"="GET" AND
severity=ERROR
Container error logs in the kube-system namespace
resource.type="k8s_container" AND
resource.labels.namespace_name="kube-system" AND
severity=ERROR
Container errors in container insights logs
resource.type="k8s_container" AND
log_id("clouderrorreporting.googleapis.com/insights")
Kubernetes container logs
resource.type="k8s_container" AND
resource.labels.cluster_name="CONTAINER_NAME"
Logging agent application queries
Query/filter name
Expression
Apache logs
resource.type="gce_instance" AND
(logName:"/apache-access" OR logName:"/apache-error")
Cassandra logs
resource.type="gce_instance" AND
log_id("cassandra")
Chef logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/chef-"
Gitlab logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/gitlab-"
Jenkins logs
resource.type="gce_instance" AND
log_id("jenkins")
Jetty logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/jetty-"
Joomla logs
resource.type="gce_instance" AND
log_id("joomla")
Linux system logs
resource.type="gce_instance" AND
log_id("syslog")
Magneto logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/magneto-"
Mediawiki logs
resource.type="gce_instance" AND
log_id("mediawiki")
memcached logs
resource.type="gce_instance" AND
log_id("memcached")
MongoDB logs
resource.type="gce_instance" AND
log_id("mongodb")
MySQL logs
resource.type="gce_instance" AND
log_id("mysql")
Nginx logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/nginx-"
PostgreSQL logs
resource.type="gce_instance" AND
log_id("postgresql")
Puppet logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/puppet-"
RabbitMQ logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/rabbitmq-"
Redmine logs
resource.type="gce_instance" AND
log_id("redmine")
Salt logs
resource.type="gce_instance" AND
logName:"projects/[PROJECT_ID]/logs/salt-"
MySQL slow queries
resource.type="gce_instance" AND
log_id("mysql-slow")
Solr logs
resource.type="gce_instance" AND
log_id("solr")
SugarCRM logs
resource.type="gce_instance" AND
log_id("sugarcrm")
Tomcat logs
resource.type="gce_instance" AND
log_id("tomcat")
Zookeeper logs
resource.type="gce_instance" AND
log_id("zookeeper")
Networking queries
Query/filter name
Expression
Firewall - all logs
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall")
Firewall logs for a specific country/region
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
jsonPayload.remote_location.country=[COUNTRY_ISO_ALPHA_3]
Firewall logs from a VM
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
jsonPayload.instance.vm_name="[INSTANCE_NAME]"
Firewall subnet logs
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
resource.labels.subnetwork_name="[SUBNET_NAME]"
Compute Engine subnet traffic logs to a subnet
resource.type="gce_subnetwork" AND
ip_in_net(jsonPayload.connection.dest_ip, "[SUBNET_IP]")
VPC flow logs
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows")
VPC flow logs for a specific port and protocol
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
jsonPayload.connection.src_port="[PORT_ID]" AND
jsonPayload.connection.protocol="[PROTOCOL]"
VPC flow logs for a specific subnet
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
resource.labels.subnetwork_name="[SUBNET_NAME]"
VPC flow logs for a specific subnet prefix
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
ip_in_net(jsonPayload.connection.dest_ip, [SUBNET_IP])
VPC flow logs for a specific VM
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
jsonPayload.src_instance.vm_name="[VM_NAME]"
VPN gateway logs
resource.type="vpn_gateway" AND
resource.labels.gateway_id="[GATEWAY_ID]"
HTTP load balancer 5xx errors
resource.type="http_load_balancer" AND
httpRequest.status>=500
HTTP load balancer requests to PHPMyAdmin
resource.type="http_load_balancer" AND
httpRequest.request_url:"phpmyadmin"
Security logging queries
Query/filter name
Expression
Audit logs - all
logName:"cloudaudit.googleapis.com"
Audit logs - Access Transparency (AXT)
log_id("cloudaudit.googleapis.com/access_transparency")
Audit logs - Admin Activity
log_id("cloudaudit.googleapis.com/activity")
Audit logs - Data Access
log_id("cloudaudit.googleapis.com/data_access")
Audit logs - System Event
log_id("cloudaudit.googleapis.com/system_event")
Google Cloud's operations suite queries
Query/filter name
Expression
Log sink activity
resource.type="logging_sink" AND
log_id("cloudaudit.googleapis.com/activity")
Logs-based metric creation or update activity
resource.type="metric" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:(UpdateLogMetric OR CreateLogMetric)
Uptime check URL for a host
resource.type="uptime_url" AND
resource.labels.host="[URL]"
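Troubleshooting
For details about query syntax and troubleshooting instructions, go to Building queries: Troubleshooting.
Next steps
For details about the query syntax that you can use to customize these queries, see Building queries.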