ContainerLog 數據表的查詢

如需在 Azure 入口網站 使用這些查詢的詳細資訊，請參閱Log Analytics教學課程。 如需 REST API，請參閱 查詢。

在容器記錄數據表中尋找值

** 此查詢需要參數才能執行。 容器記錄數據表是使用從容器 stdout 和 stderr 數據流收集的記錄行。 此查詢會在 LogEntry 指定 String 的 ContainerLogs 數據表中找到數據列。

//This qeury requires a parameter to work.
//The ContainerLog table holds Log lines collected from stdout and stderr streams for containers.
//Note: the query runs by default for the last 24 hours. Use the time pikcer to adjust time span for query
let FindString = "";//Please update term  you would like to find in LogEntry here
ContainerLog 
| where LogEntry has FindString 
|take 100

依記錄類型計費的記錄數據

請參閱容器記錄計費數據，以記錄類型分隔的最後 7d 個。

// Set the requested time, anytime greater than 15d can take longer
let billableTimeView = 7d;  
//Join ContainerLog on KubePodInventory for LogEntry source
ContainerLog
| join(KubePodInventory | where TimeGenerated > startofday(ago(billableTimeView)))on ContainerID
| where TimeGenerated > startofday(ago(billableTimeView))
| summarize Total=sum(_BilledSize)/ 1000 by bin(TimeGenerated, 1d), LogEntrySource

列出每個命名空間的容器記錄

檢視叢集中所有命名空間的容器記錄。

ContainerLog
|where TimeGenerated > startofday(ago(1h))
|join(
KubePodInventory
| where TimeGenerated > startofday(ago(1h)) 
| distinct Computer, ContainerID, Namespace
)//KubePodInventory Contains namespace information
on Computer, ContainerID
| project TimeGenerated, ContainerID, Namespace , LogEntrySource , LogEntry

在 ContainerLog 中尋找

在 ContainerLog 中尋找以搜尋 ContainerLog 數據表中的特定值。/nNote 指出此查詢需要更新 <SeachValue> 參數以產生結果

// This query requires a parameter to run. Enter value in SearchValue to find in table.
let SearchValue =  "<SearchValue>";//Please update term you would like to find in the table.
ContainerLog
| where * contains tostring(SearchValue)
| take 1000