This page describes how to find and use Cloud Logging to view and query logs for your Cloud SQL instance.
To view logs for your Cloud SQL instance log entries:
In the Google Cloud console, go to the Cloud Logging page.
- Select an existing Cloud SQL project at the top of the page.
- In the Query builder, add the following:
- Resource: select Cloud SQL Database. In the dialog, select a Cloud SQL instance.
- Log names: scroll to the Cloud SQL section and select
appropriate log files for your instance. For example:
- Severity: select a log level.
- Time range: select a preset or create a custom range.
gcloud logging read "resource.type=cloudsql_database" \ --project=PROJECT-ID \ --limit=10 \ --format=json
View instance operations log
You can view the logs for an instance in the Operations pane. The Operations pane logs every operation performed on the instance with the following information:
- The time the operation completed, reported in your local time zone.
- The type of operation.
- The status of the operation.
- A message describing the outcome the operation.
If the operation fails, you can use the message to troubleshoot the problem.
To view an instance operations log:
In the Google Cloud console, go to the Cloud SQL Instances page.
- To open the Overview page of an instance, click the instance name.
- Click Operations to change to the pane showing the operation log.
View application logs
Applications that connect to Cloud SQL store their logs in different locations.
App Engine (flexible environment)
In Compute > App Engine > Services:
- In the list of services, find your service.
- Click on the Tools dropdown.
- Select logs
In the Operations > Logging > Logs explorer section of Google Cloud console, use the following query:
View the logs in the Cloud Run Logs Explorer section of the Google Cloud console. Note that Cloud Run reports only error messages from the Cloud SQL Auth proxy. Use a query like the following:
resource.type="cloud_run_revision" resource.labels.service_name="$SERVICE_NAME" resource.labels.revision_name="$REVISION_NAME"
Cloud SQL Auth proxy
In Operations > Logging > Logs explorer, use the following query:
|Audit logs are not found.||Data-Access logs are only written if the operation is an authenticated user-driven API call that creates, modifies, or reads user-created data, or if the operation accesses configuration files or metadata of resources.|
|Operations information is not found in logs.||You want to find more information about an operation.
For example, a user was deleted but you can't find out who did it. The logs show the operation started but don't provide any more information. You must enable audit logging for detailed and personal identifying information (PII) like this to be logged.
|Some logs are filtered from the
||Filtered logs include
AD logs without timestamps, and include:
|Log files are hard to read.||You'd rather view the logs as json or text.You can use the
To download the logs as JSON:
gcloud logging read \ "resource.type=cloudsql_database \ AND logName=projects/PROJECT_ID \ /logs/cloudsql.googleapis.com%2FLOG_NAME" \ --format json \ --project=PROJECT_ID \ --freshness="1d" \ > downloaded-log.json
To download the logs as TEXT:
gcloud logging read \ "resource.type=cloudsql_database \ AND logName=projects/PROJECT_ID \ /logs/cloudsql.googleapis.com%2FLOG_NAME" \ --format json \ --project=PROJECT_ID \ --freshness="1d"| jq -rnc --stream 'fromstream(1|truncate_stream(inputs)) \ | .textPayload' \ --order=asc > downloaded-log.txt