Implement filter in status, website and uri in CLI and Frontend
This commit is contained in:
@@ -266,15 +266,55 @@ to remove just that filter, keeping the others.
|
||||
**Sparkline** — inline SVG trend chart showing total request count per time bucket for the
|
||||
current filter state. Useful for spotting sudden spikes or sustained DDoS ramps.
|
||||
|
||||
**Filter expression box** — a text input above the table accepts a mini filter language that
|
||||
lets you type expressions directly without editing the URL:
|
||||
|
||||
```
|
||||
status>=400
|
||||
status>=400 AND website~=gouda.*
|
||||
status>=400 AND website~=gouda.* AND uri~="^/api/"
|
||||
website=example.com AND prefix=1.2.3.0/24
|
||||
```
|
||||
|
||||
Supported fields and operators:
|
||||
|
||||
| Field | Operators | Example |
|
||||
|-----------|---------------------|----------------------------|
|
||||
| `status` | `=` `!=` `>` `>=` `<` `<=` | `status>=400` |
|
||||
| `website` | `=` `~=` | `website~=gouda.*` |
|
||||
| `uri` | `=` `~=` | `uri~=^/api/` |
|
||||
| `prefix` | `=` | `prefix=1.2.3.0/24` |
|
||||
|
||||
`~=` means RE2 regex match. Values with spaces or quotes may be wrapped in double or single
|
||||
quotes: `uri~="^/search\?q="`.
|
||||
|
||||
The box pre-fills with the current active filter (including filters set by drilldown clicks),
|
||||
so you can see and extend what is applied. Submitting redirects to a clean URL with the
|
||||
individual filter params; `× clear` removes all filters at once.
|
||||
|
||||
On a parse error the page re-renders with the error shown below the input and the current
|
||||
data and filters unchanged.
|
||||
|
||||
**Status expressions** — the `f_status` URL param (and `status` in the expression box) accepts
|
||||
comparison expressions: `200`, `!=200`, `>=400`, `<500`, etc.
|
||||
|
||||
**Regex filters** — `f_website_re` and `f_uri_re` URL params (and `~=` in the expression box)
|
||||
accept RE2 regular expressions. The breadcrumb strip shows them as `website~=gouda.*` and
|
||||
`uri~=^/api/` with the usual `×` remove link.
|
||||
|
||||
**URL sharing** — all filter state is in the URL query string (`w`, `by`, `f_website`,
|
||||
`f_prefix`, `f_uri`, `f_status`, `n`). Copy the URL to share an exact view with another
|
||||
operator, or bookmark a recurring query.
|
||||
`f_prefix`, `f_uri`, `f_status`, `f_website_re`, `f_uri_re`, `n`). Copy the URL to share an
|
||||
exact view with another operator, or bookmark a recurring query.
|
||||
|
||||
**JSON output** — append `&raw=1` to any URL to receive the TopN result as JSON instead of
|
||||
HTML. Useful for scripting without the CLI binary:
|
||||
|
||||
```bash
|
||||
# All 429s by prefix
|
||||
curl -s 'http://frontend:8080/?f_status=429&by=prefix&w=1m&raw=1' | jq '.entries[0]'
|
||||
|
||||
# All errors (>=400) on gouda hosts
|
||||
curl -s 'http://frontend:8080/?f_status=%3E%3D400&f_website_re=gouda.*&by=uri&w=5m&raw=1'
|
||||
```
|
||||
|
||||
**Target override** — append `?target=host:port` to point the frontend at a different gRPC
|
||||
@@ -309,7 +349,9 @@ logtail-cli stream [flags] live snapshot feed (runs until Ctrl-C)
|
||||
| `--website` | — | Filter to this website |
|
||||
| `--prefix` | — | Filter to this client prefix |
|
||||
| `--uri` | — | Filter to this request URI |
|
||||
| `--status` | — | Filter to this HTTP status code (integer) |
|
||||
| `--status` | — | Filter: HTTP status expression (`200`, `!=200`, `>=400`, `<500`, …) |
|
||||
| `--website-re`| — | Filter: RE2 regex against website |
|
||||
| `--uri-re` | — | Filter: RE2 regex against request URI |
|
||||
|
||||
### `topn` flags
|
||||
|
||||
@@ -365,12 +407,21 @@ logtail-cli topn --target agg:9091 --window 1m --group-by prefix --status 429 --
|
||||
logtail-cli topn --target agg:9091 --window 1m --group-by prefix --status 429 --n 20 \
|
||||
--json | jq '.entries[0]'
|
||||
|
||||
# Which website has the most 503s over the last 24h?
|
||||
logtail-cli topn --target agg:9091 --window 24h --group-by website --status 503
|
||||
# Which website has the most errors (4xx or 5xx) over the last 24h?
|
||||
logtail-cli topn --target agg:9091 --window 24h --group-by website --status '>=400'
|
||||
|
||||
# Which client prefixes are NOT getting 200s? (anything non-success)
|
||||
logtail-cli topn --target agg:9091 --window 5m --group-by prefix --status '!=200'
|
||||
|
||||
# Drill: top URIs on one website over the last 60 minutes
|
||||
logtail-cli topn --target agg:9091 --window 60m --group-by uri --website api.example.com
|
||||
|
||||
# Filter by website regex: all gouda hosts
|
||||
logtail-cli topn --target agg:9091 --window 5m --website-re 'gouda.*'
|
||||
|
||||
# Filter by URI regex: all /api/ paths
|
||||
logtail-cli topn --target agg:9091 --window 5m --group-by uri --uri-re '^/api/'
|
||||
|
||||
# Compare two collectors side by side in one command
|
||||
logtail-cli topn --target nginx1:9090,nginx2:9090 --window 5m
|
||||
|
||||
|
||||
Reference in New Issue
Block a user