Skip to content
Oriel

Logs

Goal

Section titled “Goal”

Use logs to inspect events, messages, severity, structured bodies, and trace correlation.

Workflow

Section titled “Workflow”

Open Logs after setting scope and time range. Filter by service, severity, body, attributes, or resource attributes.

Examples:

logs | where severity >= error | limit 100
logs | where body contains "deadline exceeded" | fields time, service, severity_text, body
logs | where resource.k8s.namespace.name == "prod" | stats count() by service, bin(1m)

The Logs screen also supports live tail behavior through the API tail endpoint. Use it for active incident inspection, then turn important filters into saved queries.

Permissions

Section titled “Permissions”

Logs require telemetry:query.

Section titled “Related Pivots”
  • Open a correlated trace when a log row has a trace_id.
  • Jump from a service value to the service-scoped view.
  • Use recurring log filters as alert rule queries.
  • Use log count trends as dashboard panels.