In the previous Loki how-to series, I shared all the best tips for creating fast filter queries that filter out terabytes of data in seconds.
In this installment, I’ll show you how to properly escape special characters in strings in Loki’s LogQL.
As you were writing LogQL queries, you probably realized that you had to write double-quoted strings in multiple places. This is fine for tag matchers, line filters, regular expressions, and tag filters, and we also use double-quoted strings in many places.
However, problems arise when we suddenly want to filter lines that contain double quotes. For example, the following query statement
{namespace="loki-ops",container="query-frontend"} |= """
Copy the code
Logql will return a parsing error because Loki thinks the double-quoted string is not closed.
Here’s another example: this time we pretend we’re working on a Windows container. The same result in this query…
{namespace="dev",container="win-broker"} |= "c:\Users\test\null"
Copy the code
This will result in an error because \U, \t, and \n are considered special characters.
Therefore, we need to escape those special characters. The escape method is \ used before special characters
{the namespace = "Loki - ops", container = "query - frontend"} | = "\" "{namespace =" dev ", container = "win - broker"} | = "c:\\Users\\test\\null"Copy the code
Last but not least, when doing regular expressions, there are more special characters (\,., +,? , etc.) at work. For example, if you want to match the number \d or the dot., you also need to escape them.
So, if you were to extract the IP address, the query would look like this:
{namespace="grafana-com",container="nginx"} |= "/observabilitycon" ! = "assets" | regexp "(? P < ipaddress > \ \ d {1, 3} \ \ \ \ d {1, 3} \ \ \ \ d {1, 3} \ \ \ \ d {1, 3})"Copy the code
There’s a lot \ and it’s easy to confuse.
But the good news is, there’s a cooler way to do it in Loki! We can use what is called a raw string without escaping it. Raw string A string enclosed in backquotes.
The three examples above are simpler with raw strings:
{namespace="loki-ops",container="query-frontend"} |= `"` {namespace="dev",container="win-broker"} |= `c:\Users\test\null` {namespace="grafana-com",container="nginx"} |= "/observabilitycon" ! = "assets" | regexp `(? P < ipaddress > \ d {1, 3} \ \ d {1, 3} \ \ d {1, 3} \ \ d {1, 3}) `Copy the code
The only problem with using raw strings is that if you actually need to escape characters like backquotes (‘), it doesn’t work because it marks the end and beginning of the original string. Therefore, in this case, we must use strings.
Pay attention to the public account “cloud native Xiaobai”, get more exciting content