Try DrDroid: AI Agent for Debugging

Connection

logcli --addr=LOKI_URL query '{job="job_name"}'
Connect to Loki server and run a basic query

logcli --addr=http://localhost:3100 query '{job="job_name"}'
Connect to local Loki instance

Basic Querying

logcli query '{job="job_name"}'
Query logs by job name

logcli query '{container="container_name"}'
Query logs by container name

logcli query '{namespace="kube-system"}'
Query logs by Kubernetes namespace

logcli query '{job="job_name"} |= "error"'
Query logs containing the word 'error'

Advanced Querying

logcli query '{job="job_name"} |= "error" != "timeout"'
Logs with 'error' but not 'timeout'

logcli query '{job="job_name"} |~ "error.*timeout"'
Regex matching for patterns

logcli query '{job="job_name"} |= "error" | json'
Parse logs as JSON

logcli query '{job="job_name"} | json | field_name="value"'
Filter on parsed JSON fields

logcli query --since=1h '{job="job_name"}'
Logs from the last hour

logcli query --from=2023-01-01T10:00:00Z --to=2023-01-01T11:00:00Z '{job="job_name"}'
Time range query

Log Processing

logcli query '{job="job_name"} | logfmt'
Parse logs in logfmt format

logcli query '{job="job_name"} | json | line_format "{{.field_name}}"'
Format output to show specific fields

logcli query '{job="job_name"} | pattern ""'
Extract fields using pattern matching

Aggregation and Analytics

logcli query 'rate({job="job_name"}[5m])'
Calculate rate of logs over 5 minute window

logcli query 'sum(count_over_time({job="job_name"}[5m])) by (level)'
Count logs grouped by level

logcli query 'count_over_time({job="job_name"} |= "error"[5m])'
Count error occurrences over time

Output Controls

logcli query --limit=100 '{job="job_name"}'
Limit the number of results

logcli query --tail '{job="job_name"}'
Stream logs in real-time (tail)

logcli query --output=raw '{job="job_name"}'
Output raw log lines without timestamps

logcli query --output=jsonl '{job="job_name"}'
Output logs as JSON lines