Consultas de amostra usando o visualizador de registros (visualização)

resource.type="gae_app" AND
severity>=ERROR AND
timestamp>="2018-12-31T00:00:00Z" AND timestamp<="2019-01-01T00:00:00Z" 

resource.type="gae_app" AND
log_name="projects/[PROJECT_ID]/logs/appengine.googleapis.com%2Frequest_log" AND
http_request.status>=500 

resource.type="gae_app" AND
proto_payload.status >= 400 AND
sample(insertId, 0.1) 

resource.type="gae_app" AND
trace="projects/[PROJECT_ID]/traces/[TRACE_ID]" 

resource.type="bigquery_resource" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com" 

resource.type="bigquery_resource" AND
proto_payload.request_metadata.caller_supplied_user_agent="BigQuery Data Transfer Service" AND
proto_payload.method_name="jobservice.insert" 

resource.type="bigquery_resource" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="datasetservice.update" 

resource.type="bigquery_resource" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Fdata_access" AND
proto_payload.method_name="jobservice.jobcompleted" 

resource.type="bigquery_resource" AND
proto_payload.method_name="jobservice.jobcompleted" AND
proto_payload.service_data.job_completed_event.job.job_statistics.total_billed_bytes>1073741824 

resource.type="bigquery_resource" AND
proto_payload.status.code=8 AND
severity>=WARNING 

resource.type="bigquery_resource" AND
proto_payload.method_name="jobservice.insert" 

resource.type="dataflow_step" AND
log_name="projects/[PROJECT_ID]/logs/dataflow.googleapis.com%2Fworker" AND
severity>=WARNING 

resource.type="cloud_dataproc_cluster" AND
json_payload.class:"org.apache.hadoop.mapreduce" 

resource.type="deployment" AND
severity>=ERROR 

resource.type="cloud_function" AND
log_name="projects/[PROJECT_ID]/logs/cloudfunctions.googleapis.com%2Fcloud-functions" AND
severity>=ERROR 

resource.type="service_account" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="google.iam.admin.v1.CreateServiceAccount" 

resource.type="service_account" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="google.iam.admin.v1.CreateServiceAccountKey" 

resource.type="project" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="SetIamPolicy" 

resource.type="project" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.@type="type.googleapis.com/google.cloud.audit.AuditLog" AND
proto_payload.request.@type:"IamPolicy" AND
proto_payload.service_data.policy_delta.binding_deltas.member:* AND
NOT proto_payload.service_data.policy_delta.binding_deltas.member:"@[DOMAIN_NAME].com" 

resource.type="csr_repository" AND
resource.labels.name="[REPOSITORY_NAME]"

resource.type="spanner_instance" AND
resource.labels.instance_id="[SPANNER_INSTANCE]"

resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"

resource.type="cloudsql_database" AND
log_name="projects/[PROJECT_ID]/logs/cloudsql.googleapis.com%2Fmysql.err"

resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_name="projects/[PROJECT_ID]/logs/cloudsql.googleapis.com%2Fmysql"

resource.type="cloudsql_database" AND
resource.labels.database_id="[DATABASE_ID]" AND
log_name="projects/[PROJECT_ID]/logs/cloudsql.googleapis.com%2Fpostgres.log"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"

resource.type="gce_firewall_rule" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name:"firewalls.delete" 

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Factivity_log" 

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/syslog" 

resource.type="gcs_bucket" AND
resource.labels.bucket_name="[BUCKET_NAME]"

resource.type="gcs_bucket" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com" 

resource.type="gcs_bucket" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="storage.buckets.create" 

resource.type="gcs_bucket" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name="storage.buckets.delete" 

resource.type="cloud_tasks_queue" AND
resource.labels.queue_id="[QUEUE_ID]"

resource.type="gke_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"

resource.type="gke_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.method_name="google.container.v1.ClusterManager.CreateCluster"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.method_name:"deployments"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.authentication_info.principal_email="system:anonymous"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.method_name="io.k8s.core.v1.secrets" NOT
protoPayload.method_name="get" NOT
protoPayload.method_name="list" NOT
protoPayload.method_name="watch"

resource.type="k8s_cluster" AND
resource.labels.location="us-central1-b"

resource.type="k8s_container" AND
resource.labels.cluster_name="guestbook"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.method_name:"io.k8s.core.v1.pods" AND
protoPayload.authentication_info.principal_email="[USER_EMAIL]"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/events"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.request.kind="Endpoints"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.serviceName="k8s.io"

resource.type="k8s_cluster" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
protoPayload.serviceName="container.googleapis.com"

resource.type="k8s_cluster" AND
protoPayload.methodName=~"io.k8s.core.v1.pods.(create|delete)"
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"

resource.type="k8s_pod" AND
log_name="projects/[PROJECT_ID]/logs/events" AND
resource.labels.pod_name="[POD_NAME]"

resource.type="k8s_node" AND
log_name="projects/[PROJECT_ID]/logs/events"

resource.type="k8s_node" AND
log_name="projects/[PROJECT_ID]/logs/kube-proxy"

resource.type="k8s_node" AND
log_name="projects/[PROJECT_ID]/logs/container-runtime"

resource.type="k8s_node" AND
log_name="projects/[PROJECT_ID]/logs/kubelet" AND
jsonPayload.MESSAGE:("error" OR "fail")

resource.type="k8s_container" AND
log_name="projects/[PROJECT_ID]/logs/stderr" AND
severity=ERROR

resource.type="k8s_container" AND
log_name="projects/[PROJECT_ID]/logs/stdout"

resource.type="k8s_container" AND
resource.labels.pod_name="[POD_NAME]" AND
severity=ERROR

resource.type="k8s_container" AND
resource.labels.pod_name="[POD_NAME]" AND
resource.labels.container_name="server" AND
severity=ERROR

resource.type="k8s_container" AND
resource.labels.namespace_name="istio-system" AND
resource.labels.container_name="egressgateway" AND
severity=ERROR

resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
severity=ERROR

resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
labels."k8s-pod/skaffold_dev/run-id"=[SKAFFOLD_RUN_ID] AND
severity=ERROR

resource.type="k8s_container" AND
resource.labels.pod_name="[POD_NAME]" AND
textPayload:"POST" AND
severity=ERROR

resource.type="k8s_container" AND
resource.labels.pod_name="[POD_NAME]" AND
jsonPayload."http.req.method"="GET" AND
severity=ERROR

resource.type="k8s_container" AND
resource.labels.namespace_name="kube-system" AND
severity=ERROR

resource.type="k8s_container" AND
log_name="projects/[PROJECT_ID]/logs/clouderrorreporting.googleapis.com%2Finsights"

resource.type="gce_instance" AND
(log_name:"/apache-access" OR log_name:"/apache-error")

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/cassandra"

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/chef-"

resource.type="gce_instance"
log_name:"projects/[PROJECT_ID]/logs/gitlab-" 

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/jenkins"

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/jetty-"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/joomla"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/syslog"

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/magneto-"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mediawiki"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/memcached"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mongodb"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mysql"

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/nginx-"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/postgresql"

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/puppet-"

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/rabbitmq-"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/redmine"

resource.type="gce_instance" AND
log_name:"projects/[PROJECT_ID]/logs/salt-"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/mysql-slow"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/solr"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/sugarcrm"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/tomcat"

resource.type="gce_instance" AND
log_name="projects/[PROJECT_ID]/logs/zookeeper"

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall"

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall" AND
json_payload.remote_location.country=[COUNTRY_ISO_ALPHA_3]

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall" AND
json_payload.instance.vm_name="[INSTANCE_NAME]"

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Ffirewall" AND
resource.labels.subnetwork_name="[SUBNET_NAME]"

resource.type="gce_subnetwork" AND
ip_in_net(json_payload.connection.dest_ip, "[SUBNET_IP]")

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows"

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
json_payload.connection.src_port="[PORT_ID]" AND
json_payload.connection.protocol="[PROTOCOL]"

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
resource.labels.subnetwork_name"=[SUBNET_NAME]"

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
ip_in_net(json_payload.connection.dest_ip,[SUBNET_IP])

resource.type="gce_subnetwork" AND
log_name="projects/[PROJECT_ID]/logs/compute.googleapis.com%2Fvpc_flows" AND
json_payload.src_instance.vm_name="[VM_NAME]"

resource.type="vpn_gateway" AND
resource.labels.gateway_id="[GATEWAY_ID]"

resource.type="http_load_balancer" AND
http_request.status>=500

resource.type="http_load_balancer" AND
http_request.request_url:"phpmyadmin"

log_name:"projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com"

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Faccess_transparency"

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Fdata_access"

log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Fsystem_event"

resource.type="logging_sink" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity"

resource.type="metric" AND
log_name="projects/[PROJECT_ID]/logs/cloudaudit.googleapis.com%2Factivity" AND
proto_payload.method_name:(UpdateLogMetric OR CreateLogMetric)

resource.type="uptime_url" AND
resource.labels.host="[URL]"