github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/docs/sources/logql/ip.md

github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/docs/sources/logql/ip.md (about)

     1  ---
     2  title: Matching IP addresses
     3  weight: 40
     4  ---
     5  
     6  # Matching IP addresses
     7  
     8  LogQL supports matching IP addresses.
     9  
    10  With logs such as
    11  
    12  ```
    13  3.180.71.3 - - [17/May/2015:08:05:32 +0000] "GET /downloads/product_1 HTTP/1.1" 304 0 "-" "Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)"
    14  80.91.33.133 - - [17/May/2015:08:05:14 +0000] "GET /downloads/product_1 HTTP/1.1" 304 0 "-" "Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.16)"
    15  46.4.66.76 - - [17/May/2015:08:05:45 +0000] "GET /downloads/product_1 HTTP/1.1" 404 318 "-" "Debian APT-HTTP/1.3 (1.0.1ubuntu2)"
    16  93.180.71.3 - - [17/May/2015:08:05:26 +0000] "GET /downloads/product_1 HTTP/1.1" 404 324 "-" "Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)"
    17  ```
    18  
    19  the LogQL line filter is not sufficient.
    20  A line filter such as
    21  
    22  ```logql
    23  {job_name="myapp"} |= "3.180.71.3"
    24  ```
    25  
    26  also matches example IP addresses such as 93.180.71.3. A better choice uses a regexp: `|~"^3.180.71.3"`. This regexp does not handle IPv6 addresses, and it does not match a range of IP addresses.
    27  
    28  The LogQL support for matching IP addresses handles both IPv4 and IPv6 single addresses, as well as ranges within IP addresses
    29  and CIDR patterns.
    30  
    31  Match IP addresses with the syntax: `ip("<pattern>")`.
    32  The `<pattern>` can be:
    33  
    34  -  A single IP address. Examples: `ip("192.0.2.0")`, `ip("::1")`
    35  -  A range within the IP address. Examples: `ip("192.168.0.1-192.189.10.12")`, `ip("2001:db8::1-2001:db8::8")`
    36  -  A CIDR specification. Examples: `ip("192.51.100.0/24")`, `ip("2001:db8::/32")`
    37  
    38  The IP matching can be used in both line filter and label filter expressions.
    39  When specifying line filter expressions, only the `|=` and `!=` operations are allowed.
    40  When specifying label filter expressions, only the  `=` and `!=` operations are allowed.
    41  
    42  - Line filter examples
    43  
    44      ```logql
    45      {job_name="myapp"} |= ip("192.168.4.5/16")
    46      ```
    47  
    48      Return log lines that do not match with an IPv4 range:
    49  
    50      ```logql
    51      {job_name="myapp"} != ip("192.168.4.5-192.168.4.20")
    52      ```
    53  
    54  - Label filter examples
    55  
    56      ```logql
    57      {job_name="myapp"}
    58  		| logfmt
    59  		| remote_addr = ip("2001:db8::1-2001:db8::8")
    60  		| level = "error"
    61      ```
    62  
    63      Filters can be chained. This example matches log lines with all IPv4 subnet values `192.168.4.5/16` except IP address `192.168.4.2`:
    64  
    65      ```logql
    66      {job_name="myapp"}
    67  		| logfmt
    68  		| addr = ip("192.168.4.5/16")
    69  		| addr != ip("192.168.4.2")
    70      ```