ContainerLog 表的查询

有关在 Azure 门户中使用这些查询的信息，请参阅 Log Analytics 教程。 有关 REST API，请参阅查询。

在容器日志表中查找值

** 此查询需要参数才能运行。 容器日志表是从容器的 stdout 和 stderr 流中收集的所用日志行。 此查询将在 LogEntry 指定字符串的 ContainerLogs 表中查找行。

//This qeury requires a parameter to work.
//The ContainerLog table holds Log lines collected from stdout and stderr streams for containers.
//Note: the query runs by default for the last 24 hours. Use the time pikcer to adjust time span for query
let FindString = "";//Please update term  you would like to find in LogEntry here
ContainerLog 
| where LogEntry has FindString 
|take 100

按日志类型列出的可记账日志数据

请参阅容器日志可记账数据，了解按日志类型分隔的最后 7d 可记账数据。

// Set the requested time, anytime greater than 15d can take longer
let billableTimeView = 7d;  
//Join ContainerLog on KubePodInventory for LogEntry source
ContainerLog
| join(KubePodInventory | where TimeGenerated > startofday(ago(billableTimeView)))on ContainerID
| where TimeGenerated > startofday(ago(billableTimeView))
| summarize Total=sum(_BilledSize)/ 1000 by bin(TimeGenerated, 1d), LogEntrySource

列出每个命名空间的容器日志

查看群集中所有命名空间的容器日志。

ContainerLog
|where TimeGenerated > startofday(ago(1h))
|join(
KubePodInventory
| where TimeGenerated > startofday(ago(1h)) 
| distinct Computer, ContainerID, Namespace
)//KubePodInventory Contains namespace information
on Computer, ContainerID
| project TimeGenerated, ContainerID, Namespace , LogEntrySource , LogEntry

在 ContainerLog 中查找

在 ContainerLog 中查找以在 ContainerLog 表中搜索特定值。/n请注意，此查询需要更新 <SeachValue> 参数，才能生成结果

// This query requires a parameter to run. Enter value in SearchValue to find in table.
let SearchValue =  "<SearchValue>";//Please update term you would like to find in the table.
ContainerLog
| where * contains tostring(SearchValue)
| take 1000