Dokumen ini menyediakan kueri yang disarankan untuk memudahkan Anda menemukan log penting menggunakan Logs Explorer di Konsol Google Cloud.
Kueri yang tercantum ditulis dalam Bahasa kueri Logging, dan dapat digunakan di Logs Explorer, Logging API, atau antarmuka command line.
Logs Explorer menggunakan ekspresi Boolean untuk menentukan subset dari semua entri log dalam project Anda. Anda dapat menggunakan kueri ini untuk memilih entri log dari log atau layanan log tertentu, atau yang memenuhi kondisi pada metadata atau kolom yang ditentukan pengguna.
Sebelum memulai
Untuk melihat log yang Anda kirim dari akun Amazon Web Services (AWS)
ke Logging, pilih
project konektor AWS
di pemilih resource konsol Google Cloud, lalu gunakan
Logs Explorer.
Project konektor AWS menyimpan Amazon Resource Name (ARN) untuk akun AWS Anda dan menautkan akun AWS ke layanan Google Cloud. Untuk mengetahui informasi selengkapnya, lihat artikel
Mengumpulkan metrik dari akun AWS.
Pastikan Anda memiliki izin atau peran Identity and Access Management yang benar untuk membuat kueri menggunakan Logs Explorer. Untuk mengetahui detail tentang izin IAM yang diperlukan, lihat Izin untuk Konsol Google Cloud.
Mulai
-
Di panel navigasi konsol Google Cloud,
pilih Logging, lalu pilih Logs Explorer:
Buka Logs Explorer
Pilih project Google Cloud yang sesuai atau resource Google Cloud lain yang lognya ingin Anda lihat.
Menggunakan contoh kueri
Untuk menerapkan kueri dari tabel berikut, klik ikon
content_copy Content Copy untuk ekspresi,
lalu tempel ekspresi yang disalin ke
kolom editor kueri Logs Explorer:
Jika Anda tidak melihat kolom editor kueri, aktifkan Tampilkan kueri.
Setelah meninjau ekspresi kueri, klik Jalankan kueri. Log yang cocok dengan kueri Anda akan tercantum di bagian Query results.
Beberapa kueri yang dicantumkan nanti di halaman ini menyertakan variabel yang harus Anda ganti dengan nilai yang valid. Misalnya, jika sebuah kueri menyertakan logName, PROJECT_ID yang Anda berikan harus merujuk ke project Google Cloud yang saat ini dipilih; jika tidak, kueri ini tidak akan berfungsi.
Perhatikan hal-hal berikut:
Jika Anda memiliki kueri dengan stempel waktu, pemilih rentang waktu
akan dinonaktifkan, dan kueri akan menggunakan ekspresi stempel waktu sebagai pembatasan
rentang waktunya. Jika kueri tidak menggunakan ekspresi stempel waktu, kueri akan
menggunakan pemilih rentang waktu sebagai batasan rentang waktunya.
Panjang kueri tidak boleh melebihi 20.000 karakter.
Bahasa kueri logging tidak peka huruf besar/kecil, kecuali ekspresi reguler.
Anda dapat menggunakan fungsi log_id untuk kueri dengan ekspresi log_name. Misalnya, ekspresi
log_name="projects/PROJECT_ID/logs/cloudaudit.googleapis.com%2Fdata_access"
sama dengan log_id("cloudaudit.googleapis.com/data_access").
Untuk informasi selengkapnya tentang fungsi log_id, lihat Bahasa kueri logging: Fungsi.
Untuk petunjuk tentang pembuatan kueri di Konsol Google Cloud, lihat Membuat kueri di Logs Explorer.
Bagian berikut mengelompokkan kueri berdasarkan layanan Google Cloud.
Kueri App Engine
| Nama kueri/filter |
Ekspresi |
| Log App Engine dari Malam Tahun Baru (dalam waktu UTC) |
resource.type="gae_app" AND
severity>=ERROR AND
timestamp>="2018-12-31T00:00:00Z" AND timestamp<="2019-01-01T00:00:00Z" |
| Log permintaan App Engine dengan error server |
resource.type="gae_app" AND
log_id("appengine.googleapis.com/request_log") AND
httpRequest.status>=500 |
| Contoh log error HTTP |
resource.type="gae_app" AND
protoPayload.status >= 400 AND
sample(insertId, 0.1)
|
| Telusuri ID rekaman aktivitas App Engine |
resource.type="gae_app" AND
trace="projects/PROJECT_ID/traces/TRACE_ID" |
| Log App Engine |
resource.type="gae_app" AND
resource.labels.module_id="MODULE_ID" AND
resource.labels.version_id="VERSION_ID" |
| Deployment App Engine terbaru |
resource.type="gae_app" AND
protoPayload."@type"="type.googleapis.com/google.cloud.audit.AuditLog" AND
protoPayload.serviceName="appengine.googleapis.com" |
Mengaktifkan dan menonaktifkan kueri API
| Nama kueri/filter |
Ekspresi |
| Audit API mengaktifkan log |
protoPayload.methodName="google.api.serviceusage.v1.ServiceUsage.EnableService" |
| Log penonaktifan API Audit |
protoPayload.methodName="google.api.serviceusage.v1.ServiceUsage.DisableService" |
Kueri BigQuery
| Nama kueri/filter |
Ekspresi |
| Log audit BigQuery |
resource.type=("bigquery_dataset" OR "bigquery_project") AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk sebuah project |
resource.type="bigquery_project" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk set data |
resource.type="bigquery_dataset" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk Model BI Engine |
resource.type="bigquery_biengine_model" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk Data Transfer Service Run. |
resource.type="bigquery_dts_run" AND
logName:"cloudaudit.googleapis.com" |
| Log audit BigQuery untuk konfigurasi Data Transfer Service. |
resource.type="bigquery_dts_config" AND
logName:"cloudaudit.googleapis.com" |
| Tugas layanan transfer data BigQuery |
resource.type=("bigquery_project") AND
protoPayload.requestMetadata.callerSuppliedUserAgent=
"BigQuery Data Transfer Service" AND
protoPayload.methodName=("google.cloud.bigquery.v2.JobService.InsertJob" OR
"google.cloud.bigquery.v2.JobService.Query") |
| Log operasi transfer BigQuery |
resource.type="bigquery_dts_config" AND
labels.run_id="RUN_ID" AND
resource.labels.config_id="CONFIG_ID" |
| Pembaruan set data BigQuery |
resource.type="bigquery_dataset" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName=
"google.cloud.bigquery.v2.DatasetService.UpdateDataset" |
| Tugas BigQuery selesai |
resource.type="bigquery_project" AND
log_id("cloudaudit.googleapis.com/data_access") AND
protoPayload.methodName=("google.cloud.bigquery.v2.JobService.InsertJob"
OR "google.cloud.bigquery.v2.JobService.Query") |
| Kueri besar BigQuery |
resource.type="bigquery_project" AND
protoPayload.metadata.jobChange.job.jobStats.queryStats.totalBilledBytes
> 1073741824 |
| Kuota BigQuery terlampaui |
resource.type=("bigquery_dataset" OR "bigquery_project")
AND
protoPayload.status.code=8 AND
severity>=WARNING |
| Kueri BigQuery dimulai |
resource.type="bigquery_project" AND
protoPayload.metadata.jobInsertion.reason:* |
| Tugas pemuatan/ekstrak serentak BigQuery |
resource.type="bigquery_resource" AND
protoPayload.methodName="jobservice.insert" AND
protoPayload.serviceData.jobInsertRequest.resource.jobConfiguration.query.query:
"extract" |
Kueri Dataflow
| Nama kueri/filter |
Ekspresi |
| Error dan peringatan di pekerja Dataflow |
resource.type="dataflow_step" AND
log_id("dataflow.googleapis.com/worker") AND
severity>=WARNING |
Kueri Dataproc
| Nama kueri/filter |
Ekspresi |
| Log Dataproc Apache Hadoop |
resource.type="cloud_dataproc_cluster" AND
jsonPayload.class:"org.apache.hadoop.mapreduce" |
Cloud Deployment Manager
| Nama kueri/filter |
Ekspresi |
| Error Deployment Manager |
resource.type="deployment" AND
severity>=ERROR |
Kueri Cloud Functions
| Nama kueri/filter |
Ekspresi |
| Error fungsi Cloud |
resource.type="cloud_function" AND
log_id("cloudfunctions.googleapis.com/cloud-functions") AND
severity>=ERROR |
Kueri Cloud Monitoring
| Nama kueri/filter |
Ekspresi |
|---|
Tampilkan semua error saluran
notifikasi |
resource.type="stackdriver_notification_channel" AND
severity>=ERROR |
Tampilkan error saluran notifikasi
karena throttling |
resource.type="stackdriver_notification_channel" AND
severity>=ERROR AND
jsonPayload.summary="Notification delivery throttled." |
Tampilkan log yang ditulis oleh
resource waktu beroperasi |
resource.type="uptime_url" |
Tampilkan permintaan yang diterima dari
layanan cek uptime |
"GoogleStackdriverMonitoring-UptimeChecks" |
Kueri Cloud Run
| Nama kueri/filter |
Ekspresi |
| Log Cloud Run untuk tugas tertentu |
resource.type="cloud_run_job" AND
resource.labels.service_name="JOB_NAME"
|
| Log Cloud Run untuk revisi dan layanan tertentu |
resource.type="cloud_run_revision" AND
resource.labels.service_name="SERVICE_NAME" |
Kueri Cloud Source Repositories
| Nama kueri/filter |
Ekspresi |
| Log Cloud Source Repository |
resource.type="csr_repository" AND
resource.labels.name="REPOSITORY_NAME" |
Kueri Spanner
| Nama kueri/filter |
Ekspresi |
| Log Cloud Spanner untuk instance spanner tertentu |
resource.type="spanner_instance" AND
resource.labels.instance_id="SPANNER_INSTANCE" |
Kueri Cloud SQL
| Nama kueri/filter |
Ekspresi |
| Log audit Cloud SQL |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudaudit.googleapis.com/activity") |
| Log error MySQL Cloud SQL |
resource.type="cloudsql_database" AND
log_id("cloudsql.googleapis.com/mysql.err") |
| Database berbasis MySQL Cloud SQL |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudsql.googleapis.com/mysql") |
| Database berbasis Postgres Cloud SQL |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudsql.googleapis.com/postgres.log") |
| Log error Cloud SQL Server |
resource.type="cloudsql_database" AND
log_id("cloudsql.googleapis.com/sqlserver.err") |
| Database berbasis Cloud SQL Server |
resource.type="cloudsql_database" AND
resource.labels.database_id="DATABASE_ID" AND
log_id("cloudsql.googleapis.com/sqlagent.out") |
Kueri Cloud Storage
| Nama kueri/filter |
Ekspresi |
| Log bucket GCS |
resource.type="gcs_bucket" AND
resource.labels.bucket_name="BUCKET_NAME" |
| Log audit bucket GCS |
resource.type="gcs_bucket" AND
logName:"cloudaudit.googleapis.com" |
| Log pembuatan bucket GCS |
resource.type="gcs_bucket" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.method_name="storage.buckets.create" |
| Log penghapusan bucket GCS |
resource.type="gcs_bucket" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.method_name="storage.buckets.delete" |
Kueri Cloud Tasks
| Nama kueri/filter |
Ekspresi |
| Log antrean Cloud Tasks |
resource.type="cloud_tasks_queue" AND
resource.labels.queue_id="QUEUE_ID" |
Kueri Compute Engine
| Nama kueri/filter |
Ekspresi |
| Log Aktivitas Admin Compute Engine |
resource.type="gce_instance" AND
log_id("cloudaudit.googleapis.com/activity") |
| Penghapusan aturan firewall Compute Engine |
resource.type="gce_firewall_rule" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"firewalls.delete" |
| Syslog VM Compute Engine |
resource.type="gce_instance" AND
log_id("syslog") |
| Authlog VM Compute Engine |
resource.type="gce_instance" AND
log_id("authlog") |
| Error Host Compute Engine |
resource.type="gce_instance"
protoPayload.serviceName="compute.googleapis.com"
(protoPayload.methodName:"OnHostMaintenance"
OR
operation.producer:"OnHostMaintenance")
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID"
severity=INFO |
| Host Compute Engine Dimigrasikan |
resource.type="gce_instance"
protoPayload.serviceName="compute.googleapis.com"
(protoPayload.methodName:
"compute.instances.migrateOnHostMaintenance" OR
operation.producer:
"compute.instances.migrateOnHostMaintenance")
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID"
severity=INFO |
| VM Compute Engine Dihentikan/Diakhiri |
resource.type="gce_instance"
protoPayload.methodName=
~"compute\.instances\.(guestTerminate|preempted)"
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID" |
| Instance VM Compute Engine Dibuat |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.insert"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.request.name="INSTANCE_NAME" |
| Instance VM Compute Engine Dihapus beserta Nama |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.delete"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.resourceName:"INSTANCE_NAME" |
| Instance VM Compute Engine Dihapus dengan ID |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.delete"
log_id("cloudaudit.googleapis.com/activity")
resource.labels.instance_id="INSTANCE_ID" |
| Instance VM Compute Engine Dimulai Ulang |
resource.type="gce_instance"
protoPayload.methodName=~"compute\.instances\.(
stop|reset|automaticRestart|guestTerminate|
instanceManagerHaltForRestart)"
(log_id("cloudaudit.googleapis.com/activity")
OR log_id("cloudaudit.googleapis.com/system_event"))
resource.labels.instance_id="INSTANCE_ID" |
| Kegagalan Integritas Booting VM Terlindungi Compute Engine |
resource.type="gce_instance"
log_id("compute.googleapis.com/shielded_vm_integrity")
jsonPayload.earlyBootReportEvent.policyEvaluationPassed="false"
resource.labels.instance_id="INSTANCE_ID" |
| Instance VM Compute Engine dihentikan oleh OS Tamu |
resource.type="gce_instance"
protoPayload.serviceName="compute.googleapis.com"
(protoPayload.methodName:"compute.instances.guestTerminate" OR
operation.producer:"compute.instances.guestTerminate")
log_id("cloudaudit.googleapis.com/system_event")
resource.labels.instance_id="INSTANCE_ID"
severity=INFO |
| File booting Compute Engine Shielded VM diblokir |
resource.type="gce_instance"
log_id("serialconsole.googleapis.com/serial_port_1_output")
textPayload:("Security Violation")
resource.labels.instance_id="INSTANCE_ID" |
| Persistent Disk Dibuat |
resource.type="gce_disk" AND
protoPayload.methodName:"compute.disks.insert" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.resourceName: "PERSISTENT_DISK_NAME" |
| Node ditambahkan di Sole Tenant Node |
resource.type="gce_node_group"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName=~("compute.nodeGroups.addNodes"
OR "compute.nodeGroups.insert")
resource.labels.node_group_id="NODE_GROUP_ID"
severity="INFO" |
| Peristiwa penskalaan otomatis di Sole Tenant Node |
resource.type="gce_node_group"
log_id("cloudaudit.googleapis.com/system_event")
protoPayload.methodName=~("compute.nodeGroups.deleteNodes"
OR "compute.nodeGroups.addNodes")
resource.labels.node_group_id="NODE_GROUP_ID" |
| Snapshot Manual Diambil |
resource.type="gce_snapshot"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"compute.snapshots.insert"
protoPayload.resourceName:"SNAPSHOT_NAME" |
| Cuplikan Terjadwal Diambil |
resource.type="gce_disk"
log_id("cloudaudit.googleapis.com/system_event")
protoPayload.methodName="ScheduledSnapshots"
protoPayload.response.operationType="createSnapshot"
protoPayload.response.targetLink="PERSISTENT_DISK_NAME" |
| Jadwal Snapshot Dibuat |
resource.type="gce_resource_policy"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"compute.resourcePolicies.insert"
protoPayload.request.name="SCHEDULE_NAME" |
| Jadwal Snapshot Terlampir |
resource.type="gce_disk"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"compute.disks.addResourcePolicies"
protoPayload.request.resourcePolicys:"SCHEDULE_NAME"
protoPayload.resourceName:"PERSISTENT_DISK_NAME" |
| Melebihi Kuota |
resource.type="gce_instance"
protoPayload.methodName:"compute.instances.insert"
protoPayload.status.message:"QUOTA_EXCEEDED"
severity=ERROR |
| Membuat kueri instance yang tidak responsif di grup instance |
resource.type="gce_instance_group"
resource.labels.instance_group_name="INSTANCE_GROUP_NAME"
jsonPayload.healthCheckProbeResult.healthState="UNHEALTHY" |
| Mengkueri anggota grup instance dalam jangka waktu dalam format waktu UTC |
resource.type="gce_instance_group_manager"
resource.labels.instance_group_manager_name="INSTANCE_GROUP_NAME"
jsonPayload.@type=
"type.googleapis.com/compute.InstanceGroupManagerEvent"
jsonPayload.instanceHealthStateChange.detailedHealthState="HEALTHY"
timestamp >= START_TIME timestamp <= END_TIME |
| Instance dihapus dari Grup Instance |
resource.type="gce_instance_group"
protoPayload.methodName:"compute.instanceGroups.removeInstances"
log_id("cloudaudit.googleapis.com/activity")
resource.labels.instance_group_name="INSTANCE_GROUP_NAME" |
| Template instance disetel atau diperbarui |
resource.type="gce_instance_group_manager"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName=
"v1.compute.instanceGroupManagers.setInstanceTemplate"
resource.labels.instance_group_manager_name="INSTANCE_GROUP_MANAGER" |
| Aturan firewall dihapus |
resource.type="gce_firewall_rule"
log_id("cloudaudit.googleapis.com/activity")
protoPayload.methodName:"firewalls.delete" |
| Log firewall |
resource.type="gce_subnetwork"
log_id("compute.googleapis.com/firewall")
jsonPayload.instance.vm_name="INSTANCE_NAME" |
Kueri Kemampuan observasi Google Cloud
| Nama kueri/filter |
Ekspresi |
| Aktivitas sink log |
resource.type="logging_sink" AND
log_id("cloudaudit.googleapis.com/activity") |
| Aktivitas pembuatan atau pembaruan metrik berbasis log |
resource.type="metric" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:(UpdateLogMetric OR CreateLogMetric) |
| Pemeriksaan URL uptime untuk host |
resource.type="uptime_url" AND
resource.labels.host="URL" |
Kueri Identity and Access Management
| Nama kueri/filter |
Ekspresi |
| Log pembuatan akun layanan |
resource.type="service_account" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.iam.admin.v1.CreateServiceAccount" |
| Log kunci pembuatan akun layanan |
resource.type="service_account" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.iam.admin.v1.CreateServiceAccountKey" |
| Menetapkan log kebijakan kontrol akses |
resource.type="project" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="SetIamPolicy" |
| Akun utama eksternal diberi akses ke organisasi |
resource.type="project" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog" AND
protoPayload.request.@type:"IamPolicy" AND
protoPayload.serviceData.policyDelta.bindingDeltas.member:* AND
NOT protoPayload.serviceData.policyDelta.bindingDeltas.member:"@DOMAIN_NAME.com" |
| Pembuatan, modifikasi, atau penghapusan resource |
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:("create" OR "delete" OR "update") |
| Peran diberikan ke akun utama |
log_id("cloudaudit.googleapis.com/activity") AND
resource.type="project" AND
protoPayload.serviceName="cloudresourcemanager.googleapis.com" AND
protoPayload.methodName="SetIamPolicy" AND
protoPayload.serviceData.policyDelta.bindingDeltas.action="Add" AND
protoPayload.serviceData.policyDelta.bindingDeltas.member:"EMAIL_ID" |
| Peran dihapus dari akun utama |
log_id("cloudaudit.googleapis.com/activity") AND
resource.type="project" AND
protoPayload.serviceName="cloudresourcemanager.googleapis.com" AND
protoPayload.methodName="SetIamPolicy" AND
protoPayload.serviceData.policyDelta.bindingDeltas.action="Remove" AND
protoPayload.serviceData.policyDelta.bindingDeltas.member:"EMAIL_ID" |
| Izin diperbarui dalam peran khusus |
log_id("cloudaudit.googleapis.com/activity") AND
resource.type="iam_role" AND
protoPayload.serviceName="iam.googleapis.com" AND
protoPayload.methodName:"UpdateRole" AND
resource.labels.role_name:"ROLE_ID" |
Kueri terkait Kubernetes
Untuk ringkasan dan contoh kueri log audit Aktivitas Admin, lihat kueri yang disediakan di
halaman logging Audit GKE.
Kueri tingkat cluster
| Nama kueri/filter |
Ekspresi |
| Operasi cluster Google Kubernetes Engine |
resource.type="gke_cluster" AND
log_id("cloudaudit.googleapis.com/activity") |
| Pembuatan cluster Google Kubernetes Engine |
resource.type="gke_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="google.container.v1.ClusterManager.CreateCluster"
|
| Deployment cluster Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"deployments"
|
| Kegagalan autentikasi cluster Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.authenticationInfo.principalEmail="system:anonymous"
|
Operasi dan peristiwa cluster Kubernetes di us-central1-b |
resource.type="k8s_cluster" AND
resource.labels.location="us-central1-b"
|
| Permintaan pod Kubernetes dari pengguna |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"io.k8s.core.v1.pods" AND
protoPayload.authenticationInfo.principalEmail="USER_EMAIL"
|
| Peristiwa Kubernetes |
resource.type="k8s_cluster" AND
log_id("events")
|
| Update Endpoint Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.request.kind="Endpoints"
|
| Log bidang kontrol Kubernetes |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.serviceName="k8s.io"
|
| Log bidang kontrol Kubernetes Engine |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.serviceName="container.googleapis.com"
|
| Penghapusan pod |
resource.type="k8s_cluster" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName=~"io\.k8s\.core\.v1\.pods\.(create|delete)"
|
| Log audit pod Kubernetes dari bidang kontrol |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.resourceName="core/v1/namespaces/POD_NAMESPACE/pods/POD_NAME
|
| Penghapusan pod Kubernetes |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName="io.k8s.core.v1.pods.eviction.create"
|
| Log audit node Kubernetes dari bidang kontrol |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.methodName:"io.k8s.core.v1.nodes"
|
| Bidang kontrol cluster Kubernetes untuk Aktivitas Addon Manager |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.authenticationInfo.principalEmail="system:addon-manager"
|
Error bidang kontrol Kubernetes (tidak termasuk Conflict, yang normal) |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("cloudaudit.googleapis.com/activity") AND
protoPayload.status.message!="Conflict" AND
protoPayload.status.code!=0
|
| Peristiwa Pengontrol Ingress |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="loadbalancer-controller"
|
| Peristiwa Pengontrol Layanan (kube-controller-manager) |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="service-controller"
|
| Peristiwa Autoscaler cluster |
resource.type="k8s_cluster" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="cluster-autoscaler"
|
Kueri tingkat pod
| Nama filter |
Ekspresi |
| Pod kueri selama pembuatan |
resource.type="k8s_pod" AND
resource.labels.pod_name="POD_NAME" AND
log_id("events")
|
| Pod kueri dihentikan karena tekanan resource |
resource.type="k8s_pod" AND
log_id("events") AND
jsonPayload.reason="Evicted"
|
| Peristiwa Scheduler |
resource.type="k8s_pod" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="default-scheduler"
|
| Peristiwa penjadwal (preemption) |
resource.type="k8s_pod" AND
resource.labels.location="CLUSTER_LOCATION" AND
resource.labels.cluster_name="CLUSTER_NAME" AND
log_id("events") AND
jsonPayload.source.component="default-scheduler" AND
jsonPayload.reason="Preempted"
|
Kueri level node
| Nama filter |
Ekspresi |
| Peristiwa node |
resource.type="k8s_node" AND
log_id("events")
|
| Melihat log Kube-proxy |
resource.type="k8s_node" AND
log_id("kube-proxy")
|
| Melihat log Dockerd |
resource.type="k8s_node" AND
log_id("container-runtime")
|
| Melihat error atau kegagalan kubelet |
resource.type="k8s_node" AND
log_id("kubelet") AND
jsonPayload.MESSAGE:("error" OR "fail")
|
| Memeriksa log node untuk log sistem GKE |
resource.type = "k8s_node"
logName:( "logs/container-runtime" OR
"logs/docker" OR
"logs/kube-container-runtime-monitor" OR
"logs/kube-logrotate" OR
"logs/kube-node-configuration" OR
"logs/kube-node-installation" OR
"logs/kubelet" OR
"logs/kubelet-monitor" OR
"logs/node-journal" OR
"logs/node-problem-detector")
|
Kueri namespace
| Nama filter |
Ekspresi |
| Log container dan pod untuk log sistem GKE |
resource.type = ("k8s_container" OR "k8s_pod")
resource.labels.namespace_name = (
"cnrm-system" OR
"config-management-system" OR
"gatekeeper-system" OR
"gke-connect" OR
"gke-system" OR
"istio-system" OR
"knative-serving" OR
"monitoring-system" OR
"kube-system")
|
Kueri penampung
| Nama filter |
Ekspresi |
| Log container stout di semua pod dan container dalam cluster |
resource.type="k8s_container" AND
log_id("stdout")
|
| Log error container di semua pod dan container dalam sebuah cluster |
resource.type="k8s_container" AND
log_id("stderr") AND
severity=ERROR
|
| Log error container untuk pod dengan nama tertentu |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
severity=ERROR
|
| Log error container untuk container tertentu di pod tertentu |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
resource.labels.container_name="server" AND
severity=ERROR
|
| Log error container untuk namespace dan penampung tertentu |
resource.type="k8s_container" AND
resource.labels.namespace_name="istio-system" AND
resource.labels.container_name="egressgateway" AND
severity=ERROR
|
| Log container untuk pod dengan label tertentu |
resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
severity=ERROR
|
| Log error container untuk pod yang berjalan di node tertentu |
resource.type="k8s_container" AND
labels."compute.googleapis.com/resource_name"=NODE_NAME AND
severity=ERROR
|
| Log container untuk pod dengan label yang dibuat menggunakan skaffold |
resource.type="k8s_container" AND
labels."k8s-pod/app"="loadgenerator" AND
labels."k8s-pod/skaffold_dev/run-id"=SKAFFOLD_RUN_ID
severity=ERROR
|
Log error container untuk pod tertentu yang berisi POST di textPayload |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
textPayload:"POST" AND
severity=ERROR
|
Log error container untuk pod tertentu yang berisi GET di JSON terstruktur |
resource.type="k8s_container" AND
resource.labels.pod_name="POD_NAME" AND
jsonPayload."http.req.method"="GET" AND
severity=ERROR
|
| Log error container di namespace sistem kube |
resource.type="k8s_container" AND
resource.labels.namespace_name="kube-system" AND
severity=ERROR
|
| Error penampung di log analisis penampung |
resource.type="k8s_container" AND
log_id("clouderrorreporting.googleapis.com/insights")
|
| Log container Kubernetes |
resource.type="k8s_container" AND
resource.labels.container_name="CONTAINER_NAME"
|
Kueri bidang kontrol
Catatan: Log bidang kontrol GKE harus diaktifkan.
| Nama filter |
Ekspresi |
| Log server Kubernetes API |
resource.type="k8s_control_plane_component"
resource.labels.component_name="apiserver"
resource.labels.location="CLUSTER_LOCATION"
resource.labels.cluster_name="CLUSTER_NAME"
|
| Log Penjadwal Kubernetes |
resource.type="k8s_control_plane_component"
resource.labels.component_name="scheduler"
resource.labels.location="CLUSTER_LOCATION"
resource.labels.cluster_name="CLUSTER_NAME"
|
| Log Controller Manager Kubernetes |
resource.type="k8s_control_plane_component"
resource.labels.component_name="controller-manager"
resource.labels.location="CLUSTER_LOCATION"
resource.labels.cluster_name="CLUSTER_NAME"
|
Kueri aplikasi agen logging
| Nama kueri/filter |
Ekspresi |
| Log Apache |
resource.type="gce_instance" AND
(logName:"/apache-access" OR logName:"/apache-error") |
| Log Cassandra |
resource.type="gce_instance" AND
log_id("cassandra") |
| Catatan koki |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/chef-" |
| Log Gitlab |
resource.type="gce_instance"
logName:"projects/PROJECT_ID/logs/gitlab-" |
| Log Jenkins |
resource.type="gce_instance" AND
log_id("jenkins") |
| Jetty log |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/jetty-" |
| Log Joomla |
resource.type="gce_instance" AND
log_id("joomla") |
| {i>Syslog<i} Linux |
resource.type="gce_instance" AND
log_id("syslog") |
| Catatan Magneto |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/magneto-" |
| Log mediawiki |
resource.type="gce_instance" AND
log_id("mediawiki") |
| log memcache |
resource.type="gce_instance" AND
log_id("memcached") |
| Log MongoDB |
resource.type="gce_instance" AND
log_id("mongodb") |
| Log MySQL |
resource.type="gce_instance" AND
log_id("mysql") |
| Log Nginx |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/nginx-" |
| Log PostgreSQL |
resource.type="gce_instance" AND
log_id("postgresql") |
| Catatan boneka |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/puppet-" |
| Log RabbitMQ |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/rabbitmq-" |
| Log redmine |
resource.type="gce_instance" AND
log_id("redmine") |
| Log garam |
resource.type="gce_instance" AND
logName:"projects/PROJECT_ID/logs/salt-" |
| Kueri MySQL yang lambat |
resource.type="gce_instance" AND
log_id("mysql-slow") |
| Log solr |
resource.type="gce_instance" AND
log_id("solr") |
| Log SugarCRM |
resource.type="gce_instance" AND
log_id("sugarcrm") |
| Log Tomcat |
resource.type="gce_instance" AND
log_id("tomcat") |
| Log Zookeeper |
resource.type="gce_instance" AND
log_id("zookeeper") |
Kueri terkait jaringan
| Nama kueri/filter |
Ekspresi |
| Firewall- semua log |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") |
| Log firewall untuk negara tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
jsonPayload.remote_location.country=COUNTRY_ISO_ALPHA_3 |
| Log firewall dari VM |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
jsonPayload.instance.vm_name="INSTANCE_NAME" |
| Log subnet firewall |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/firewall") AND
resource.labels.subnetwork_name="SUBNET_NAME" |
| Log traffic subnetwork Compute Engine ke subnet |
resource.type="gce_subnetwork" AND
ip_in_net(jsonPayload.connection.dest_ip, "SUBNET_IP") |
| Log Aliran VPC |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") |
| Log Aliran VPC untuk port dan protokol tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
jsonPayload.connection.src_port="PORT_ID" AND
jsonPayload.connection.protocol="PROTOCOL" |
| Log Aliran VPC untuk subnet tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
resource.labels.subnetwork_name"=SUBNET_NAME" |
| Log Aliran VPC untuk awalan subnet tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
ip_in_net(jsonPayload.connection.dest_ip,SUBNET_IP) |
| Log Aliran VPC untuk VM tertentu |
resource.type="gce_subnetwork" AND
log_id("compute.googleapis.com/vpc_flows") AND
jsonPayload.src_instance.vm_name="VM_NAME" |
| Log gateway VPN |
resource.type="vpn_gateway" AND
resource.labels.gateway_id="GATEWAY_ID" |
| Error Load Balancer HTTP 5xx |
resource.type="http_load_balancer" AND
httpRequest.status>=500 |
| Permintaan Load Balancer HTTP ke PHPMyAdmin |
resource.type="http_load_balancer" AND
httpRequest.request_url:"phpmyadmin" |
Kueri logging keamanan
| Nama kueri/filter |
Ekspresi |
| Log audit—semua |
logName:"cloudaudit.googleapis.com" |
| Log audit- Transparansi Akses (AXT) |
log_id("cloudaudit.googleapis.com/access_transparency") |
| Log audit- Aktivitas Admin |
log_id("cloudaudit.googleapis.com/activity") |
| Log audit- Akses Data |
log_id("cloudaudit.googleapis.com/data_access") |
| Log audit- Peristiwa Sistem |
log_id("cloudaudit.googleapis.com/system_event") |
Pemecahan masalah
Untuk mendapatkan petunjuk pemecahan masalah umum saat menggunakan Logs Explorer, lihat Menggunakan Logs Explorer: Pemecahan Masalah.
Langkah selanjutnya
Untuk mengetahui informasi selengkapnya tentang sintaksis kueri, yang dapat Anda gunakan untuk menyesuaikan kueri ini, lihat Bahasa kueri logging.
Untuk mengetahui informasi lebih lanjut tentang pembuatan kueri di Konsol Google Cloud, lihat Mem-build kueri menggunakan bahasa kueri Logging.
