diff options
| author | Paul Buetow <pbuetow@mimecast.com> | 2021-12-09 09:53:48 +0000 |
|---|---|---|
| committer | Paul Buetow <pbuetow@mimecast.com> | 2021-12-09 09:53:48 +0000 |
| commit | 18d1783378732b6abca0eb89e29636cc81c02db8 (patch) | |
| tree | df4c1b689fc0bebc156e8b1ee8c4034e10c723d5 /doc | |
| parent | a8438bd6f04d7c99c8fd033d7161054a64c85473 (diff) | |
Add query language EBNF and variables.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/querylanguage.md | 72 |
1 files changed, 70 insertions, 2 deletions
diff --git a/doc/querylanguage.md b/doc/querylanguage.md index 9f38f5e..c6b9beb 100644 --- a/doc/querylanguage.md +++ b/doc/querylanguage.md @@ -13,6 +13,74 @@ To implement your own log format, please also check out the [log formats](./logf ## The complete language +```shell +QUERY := + select SELECT1[,SELECT2...] + from TABLE + [where COND1[,COND2...]] + [group by GROUPFIELD1[,GROUPFIELD2...]] + [order|rorder by ORDERFIELD] + [interval SECONDS] + [limit NUM] + [outfile "FILENAME.csv"] +SELECT := FIELD|AGGREGATION(FIELD) +TABLE := The mapreduce table name, e.g. WRITE in MAPREDUCE:WRITE +AGGREGATION := count|sum|min|max|avg|last|len +COND := ARG1 OPERATOR ARG2 +ARG := This is either + a string: "foo bar" + a float number: 3.14 + a bareword e.g.: responsecode + or a $variable (see below). +OPERATOR := This is one of ... + Floating point operators: + == != < <= > >= + String operators: + eq ne contains lacks (lacks is the opposite of contains, e.g. + "not contains") +GROUPFIELD := bareword|$variable +ORDERFIELD := This must be a AGGREGATION(FIELD) or FIELD which was specified in + select clause already. ``` -TODO: Add EBNF -``` + +## Predefined variables + +This is the list of pre-defined variables. Please note that these vary depending on the log format used. + +### Common variables: + +The common variables may exist in all log formats. + +* `$empty` - The empty string `""` +* `$hostname` - The server FQDN +* `$line` - The current log line +* `$server` - Alias for `$hostname` +* `$timeoffset` - Offset of $timezone +* `$timezone` - The current time zone +* `* (special placeholder) + +### DTail default log format: + +These variables may only exist when your logs are in the DTail default log format: + +*Date and time:* + +* `$hour` - The current hour in format HH +* `$minute` - The current minute in format MM +* `$second` - The current second in format SS. +* `$time` - The current time in format YYYYMMDD-HHMMSS + +*Log level/severity:* + +* `$loglevel` - Alias for `$severity` +* `$severity` - The log severity + +*System and Go runtime:* + +* `$caller` - DTail server caller of the logger +* `$cgocalls` - Num of DTail server CGo calls +* `$cpus` - Num of DTail server CPUs used +* `$goroutines` - Num of DTail server Goroutines used +* `$loadavg` - 1 min. average load average +* `$pid` - DTail server process ID +* `$uptime` - DTail server uptime |