The following tip
changes can be tested by building VictoriaLogs from the latest commit of VictoriaMetrics repository
according to these docs
tip #
FEATURE: Datadog data ingestion: added
-datadog.streamFields
and-datadog.ignoreFields
flags to configured default stream and ignore fields. Useful for Datadog serverless plugin, which doesn’t allow to provide extra headers of query args.BUGFIX: Datadog data ingestion: accepts
message
field as both string and object type to fix compatibility with Datadog serverless extension, which sends logs data in format, which is not documented. See this issue.BUGFIX: vlinsert: order of VL-Msg-Field values now defines a priority of these fields and it’s now obvious for a user which field will be picked if multiple msg_field values exist in a row.
v1.4.0 #
Released at 2024-12-22
FEATURE:
stats
pipe: allow non-numeric field values atmedian
andquantile
stats functions.FEATURE: improve performance of
stats
pipe andtop
pipe by up to 2x when these pipes are applied to logs with millions of uniqueby (...)
groups.FEATURE:
stats
pipe: addcount_uniq_hash
function, which counts the number of unique value hashes. This number is usually a good approximation to the number of unique values, so thecount_uniq_hash
can be used as a faster alternative tocount_uniq
.FEATURE:
stats
pipe: improve performance ofcount_uniq
anduniq_values
functions when they are applied to fields with big number of unique values.FEATURE:
facets
pipe: add an ability to return log fields with the same values across all the selected logs by addingkeep_const_fields
option. Such log fields aren’t interesting in most cases, so they aren’t returned by default.FEATURE:
in
filter: improve performance forin(<query>)
when the<query>
returns big number of values.FEATURE: HTTP querying APIs: allow passing arbitrary LogsQL filters to
extra_filters
andextra_stream_filters
query args. See these docs and this feature request for details.FEATURE: Grafana Loki data ingestion: add support of Loki healthcheck
/insert/ready
endpoint. See this issue.FEATURE:
stream_context
pipe: return an error as soon as too many logs and/or log streams are passed to this pipe. This prevents from excess resource usage by thestream_context
pipe when it is improperly used. It is expected that the results of this pipe are investigated by humans, who cannot inspect surrounding logs for millions of the logs passed tostream_context
. This change addresses this and this issues.BUGFIX: syslog data ingestion: correctly parse rows with multiple consecutive spaces between fields. See this issue.
BUGFIX: web UI: fix cursor reset in query input field. See this issue.
BUGFIX:
sort
pipe: fix improper sorting of numeric fields in some cases.BUGFIX: properly return an empty minimum value from
min
stats function.
v1.3.2 #
Released at 2024-12-09
FEATURE:
collapse_nums
pipe: add an ability to prettify some patterns across collapsed numbers. For example,<N>.<N>.<N>.<N>
is replaced with<IP4>
when executingcollapse_nums prettify
pipe.BUGFIX:
stream_context
pipe: fixindex out of range [0] with length 0
panic, which has been introduced in v1.3.0-victorialogs. See this issue.
v1.3.1 #
Released at 2024-12-08
- BUGFIX:
facets
pipe: fixassignment to entry in nil map
panic, which has been introduced in v1.3.0-victorialogs.
v1.3.0 #
Released at 2024-12-08
- FEATURE: add
collapse_nums
pipe, which replaces all the decimal and hexadecimal numbers with<N>
in the given log field. This can be useful for locating the most frequently seen log message patterns if log messages differ only by decimal and hexadecimal numbers (this is very frequent case). For example, the following query returns top 5 log message patterns seen over the last hour:_time:1h | collapse_nums | top 5 by (_msg)
. - FEATURE: improve performance for
stream_context
pipe over log streams with big number of logs (millions and more). See this issue. - FEATURE:
stream_context
pipe allow changing the time window for search for surrounding logs viatime_window
option. For example, the following query searches for surrouning log stream logs on the one week window:_time:5m error | stream_context before 10 time_window 1w
. Thanks to @worker24h for the idea.
v1.2.0 #
Released at 2024-12-06
FEATURE: add
rate
andrate_sum
stats functions, which can be used for calculating the average per-second rate of matching logs and the average per-second rate of sum over the given numberic log fields. See this feature request.FEATURE: add
facets
pipe, which can be used for returning the most frequent values across all the fields seen in the selected logs. This pipe simplifies logs’ exploration.FEATURE: add
/select/logsql/facets
HTTP endpoint, which returns the most frequent values across all the fields seen in the selected logs. This endpoint is going to be used for building faceted search over logs in the VictoriaLogs web UI.BUGFIX:
/select/logsql/stats_query
: properly applylimit
atstats
pipe. The bug was introduced in the release v1.1.0 when fixing this issue.BUGFIX:
math
pipe: properly format expressions with multiple binary operations with the same priority. For example,x / (y * z)
was improperly formatted asx / y * z
, whilex - (y + z)
was improperly formatted asx - y + z
. This could lead to incorrect query results in vlogscli.
v1.1.0 #
Released at 2024-12-05
FEATURE: add
first
andlast
pipes for returning the firstN
and the lastN
logs after sorting them by the given set of log fields. For example, the following query returns up to 5 logs with the biggest value forrequest_duration
over the last hour:_time:1h | last 5 by (request_duration)
.FEATURE:
sort
pipe: add an ability to applylimit
individually per group of logs viapartition by (...)
syntax. For example, the following query returns up to 3 logs with the smallestrequest_duration
individually per eachhost
:_time:5m | sort by (request_duration) limit 3 partition by (host)
.FEATURE: format pipe: allow formatting log fields in lowercase and uppercase via
<uc:field_name>
and<lc:field_name>
syntax. This can be useful when some fields must be consistently transformed to the same case during querying. See this issue.FEATURE: web UI: add frontend-only pagination for table view.
FEATURE: web UI: improve memory consumption during data processing. This enhancement reduces the overall memory footprint, leading to better performance and stability.
FEATURE: web UI: reduce memory usage across all tabs for improved performance and stability. See this issue.
FEATURE: Grafana Loki data ingestion: use Loki stream labels as VictoriaLogs stream fields by default. The set of stream fields can be overriden via
_stream_fields
query arg or viaVL-Stream-Fields
header as described here.FEATURE: OpenTelemetry data ingestion: use resource labels as VictoriaLogs stream fields by default. The set of stream fields can be overriden via
_stream_fields
query arg or viaVL-Stream-Fields
header as described here.FEATURE: data ingestion: expose
vl_bytes_ingested_total
counter at/metrics
page. This counter tracks an estimated number of bytes processed when parsing the ingested logs. This counter is exposed individually per every supported data ingestion protocol - the protocol name is exposed in thetype
label. For example,vl_bytes_ingested_total{type="jsonline"}
tracks an estimated number of bytes processed when reading the ingested logs via json line protocol. Thanks to @tenmozes for the idea and the initial implementation.FEATURE: data ingestion: expose
vl_too_long_lines_skipped_total
counter at/metrics
page. This counter tracks the number of the ingested lines with the length bigger than the value of-insert.maxLineSizeBytes
command-line flag. Such lines are ignored.BUGFIX:
/select/logsql/stats_query_range
API: properly handlelimit
pipe aftersort
pipe. Previously thelimit
was applied globally across all the calculated stats, while it must be applied individually per eachstep
on thestart ... end
time range. See this issue.BUGFIX: vmui: fix for
showLegend
andalias
flags in predefined panels. See this issueBUGFIX: fix
too big number of columns detected in the block
panic when the ingested logs contain more than 2000 fields with different names per every log stream. See this issue for details.BUGFIX: properly parse lines after too long JSON lines and Elasticsearch lines with the length exceeding
-insert.maxLineSizeBytes
. Previously all the lines after the too long line in the stream were ignored.
v1.0.0 #
Released at 2024-11-12
This release is identical to v0.42.0.
VictoriaLogs gained all the planned features since the initial v0.1.0 release 1.5 years ago, and is ready for production!
v0.42.0 #
Released at 2024-11-08
FEATURE:
join
pipe: add an ability to add prefix to all the log field names from the joined query, by using| join by (<by_fields>) (<query>) prefix "some_prefix"
syntax.FEATURE:
_time
filter: allow specifying offset without time range. For example,_time:offset 1d
matches all the logs untilnow-1d
in the_time
field. This is useful when building graphs for time ranges with some offset in the past.FEATURE:
/select/logsql/tail
HTTP endpoint: support foroffset
query arg, which can be used for delayed emission of matching logs during live tailing. Thanks to @Fusl for the initial idea and implementation in this pull request.FEATURE: vlogscli: allow enabling and disabling wrapping of long lines, which do not fit screen width, with
\wrap_long_lines
command.FEATURE: syslog data ingestion: allow overriding default stream fields with the given log fields during data ingestion. See these docs. See this feature request.
FEATURE: syslog data ingestion: allow adding arbitrary log fields via
[label1=value1 ... labelN=valueN]
syntax inside Syslog messages. For example,<165>1 2024-06-03T17:42:00.000Z example.com appname 12345 ID47 [field1=value1 field2=value2] some message
.FEATURE: syslog data ingestion: allow dropping the specified log fields during data ingestion. See these docs.
FEATURE: syslog data ingestion: allow adding the specified log fields during data ingestion. See these docs. See this issue.
FEATURE: Loki data ingestion: show the original request body on parse errors. This should simplify debugging. See this issue.
BUGFIX:
values
stats function: fix a bug, which could lead to corrupted results. See this issue.BUGFIX:
uniq_values
,min
,max
,row_min
androw_max
stats functions: fix a bug, which could return non-matching field values for these functions. See this issue.BUGFIX: HTTP querying APIs: properly take into account the
end
query arg when calculating time range for_time:duration
filter. Previously the_time:duration
filter was treated as_time:[now-duration, now)
, while it should be treated as_time:[end-duration, end)
.
v0.41.0 #
Released at 2024-11-06
FEATURE: support structured metadata when ingesting logs with Grafana Loki ingestion protocol. See this issue.
FEATURE: add
join
pipe, which can be used for performing SQL-like joins.FEATURE: support returning historical logs from live tailing API via
start_offset
query arg. For example, request to/select/logsql/tail?query=*&start_offset=5m
returns logs for the last 5 minutes before starting returning live tailing logs for the givenquery
.FEATURE: add an ability to specify extra fields for logs ingested via HTTP-based data ingestion protocols. See
extra_fields
query arg andVL-Extra-Fields
HTTP header in these docs.FEATURE: add
block_stats
pipe for returning various per-block stats. This pipe is useful for debugging.FEATURE: web UI: add sorting of logs by groups and within each group by time in desc order. See this issue and this issue.
FEATURE: add support for receiving DataDog logs over network. See this issue.
BUGFIX: properly sort fields with floating-point numbers by
sort
pipe. Previously floating-point numbers could be improperly sorted because they were treated as strings, and natural sorting was incorrectly applied to them. For example,0.123
was treated as bigger than0.9
.
v0.40.0 #
Released at 2024-10-31
FEATURE: add support for extra filters across all the HTTP querying APIs. See these docs for details. This is needed for implementing quick filtering on field values at this feature request.
BUGFIX: properly apply
replace
andreplace_regexp
pipes to identical values in adjacent log entries. See this issue.BUGFIX: properly apply
extract
andextract_regexp
pipe with additionalif (...)
filter (aka conditional extract and conditional extract_regexp).
v0.39.0 #
Released at 2024-10-30
FEATURE: allow specifying a list of log fields, which may contain log message, via
_msg_field
query arg and viaVL-Msg-Field
HTTP request header. For example,_msg_field=message,event.message
instructs obtaining message field from the first non-empty field out of themessage
andevent.message
fields. See these docs for details.FEATURE: accept logs without
_msg
field. In this case the_msg
field is automatically set to the value specified in the-defaultMsgValue
command-line flag.BUGFIX: fix
runtime error: index out of range [0] with length 0
panic during low-rate data ingestion. The panic has been introduced in v0.38.0. See this issue.
v0.38.0 #
Released at 2024-10-29
FEATURE: added the ability to receive systemd (journald) logs over network. See this issue.
FEATURE: improve performance for queries over large volume of logs with big number of fields (aka
wide events
).FEATURE: improve performance for
/select/logsql/field_values
HTTP endpoint.FEATURE: improve performance for
field_values
pipe when it is applied directly to log filter.FEATURE: add an ability to return
rank
field fromtop
pipe. For example, the following query returns1..5
rank per each returnedip
with the biggest number of logs over the last 5 minute:_time:5m | top 5 by (ip) rank
.BUGFIX: web UI: fix various glitches with updating query responses. The issue was introduced in v0.36.0. See this issue.
v0.37.0 #
Released at 2024-10-18
FEATURE: web UI: add ability to hide hits chart. See this issue.
FEATURE: add basic alerting rules for VictoriaLogs process. See details at monitoring docs.
FEATURE: improve
stats
pipe performance on systems with many CPU cores whenby(...)
fields contain big number of unique values. For example,_time:1d | stats by (user_id) count() x
should be executed much faster whenuser_id
field contains millions of unique values.FEATURE: improve performance for
top
,uniq
andfield_values
pipes on systems with many CPU cores when it is applied to log fields with big number of unique values. For example,_time:1d | top 5 (user_id)
should be executed much faster whenuser_id
field contains millions of unique values.FEATURE: improve performance for
field_names
pipe when it is applied to logs with hundreds of log fields.BUGFIX: web UI: fix display of hits chart. See this issue.
v0.36.0 #
Released at 2024-10-16
FEATURE: optimize LogsQL queries, which need to scan big number of logs with big number of log fields (aka
wide events
). The performance for such queries is improved by 10x and more depending on the number of log fields in the scanned logs. The performance improvement is visible when querying logs ingested after the upgrade to this release.FEATURE: add support for forced merge. See these docs.
FEATURE: skip empty log fields in query results, since they are treated as non-existing fields in VictoriaLogs data model. This should reduce the level of confusion for end users when they see empty log fields.
FEATURE: allow using
format
pipe for creating output labels from existing log fields at/select/logsql/stats_query
and/select/logsql/stats_query_range
endpoints.FEATURE: web UI: add the ability to cancel running queries. See this issue.
BUGFIX: avoid possible panic when logs for a new day are ingested during execution of concurrent queries.
BUGFIX: avoid panic at
lib/logstorage.(*blockResultColumn).forEachDictValue()
when the query contains stats with additional filters. The panic has been introduced in v0.33.0 in this commit.BUGFIX: add more checks for stats query APIs to avoid invalid results.
BUGFIX: vmui: fix error messages rendering from overflowing the screen with long messages. See this issue.
v0.35.0 #
Released at 2024-10-09
- FEATURE: vlogscli: add ability to live tail query results - see these docs.
- FEATURE: vlogscli: add compact output mode for query results. It can be enabled by typing
\c
and then pressingenter
. See these docs. - FEATURE: vlogscli: add
-accountID
and-projectID
command-line flags for settingAccountID
andProjectID
values when querying the specific tenants.
v0.34.0 #
Released at 2024-10-08
- FEATURE: vlogscli: add ability to display results in
logfmt
mode, single-line and multi-line JSON modes according these docs. - FEATURE: vlogscli: preserve
less
output after the exit from scrolling mode. This should help re-using previous query results in subsequent queries. - FEATURE: add
len
pipe for calculating the length for the given log field value in bytes.
v0.33.0 #
Released at 2024-10-01
FEATURE: add interactive command-line tool for querying VictoriaLogs -
vlogscli
.BUGFIX:
count_uniq
stats function: do not count field values, which aren’t matched by the used filters. See this issue.
v0.32.1 #
Released at 2024-09-30
- BUGFIX: do not return field values with zero matching logs from
field_values
,top
anduniq
pipes. See this issue.
v0.32.0 #
Released at 2024-09-29
FEATURE: data ingestion: accept Unix timestamps in seconds in the ingested logs. This simplifies integration with systems, which prefer Unix timestamps over text-based representation of time.
FEATURE:
sort
pipe: allow usingorder
alias instead ofsort
. For example,_time:5s | order by (_time)
query works the same as_time:5s | sort by (_time)
. This simplifies the to LogsQL transition from SQL-like query languages.FEATURE:
stats
pipe: allow using multiple identical stats functions with distinct filters and automatically generated result names. For example,_time:5m | count(), count() if (error)
query works as expected now, e.g. it returns two results over the last 5 minutes: the total number of logs and the number of logs witherror
word. Previously this query couldn’t be executed because theif (...)
condition wasn’t included in the automatically generate result name, so both results had the same name -count(*)
.BUGFIX: properly calculate
uniq
andtop
pipes. Previously they could return invalid results in some cases.
v0.31.0 #
Released at 2024-09-27
- FEATURE: web UI: improved readability of staircase graphs and tooltip usability. See this comment.
- FEATURE: web UI: simplify query input by adding only the label name when
ctrl
+clicking the line legend. See this comment. - FEATURE: web UI: keep selected columns in table view on page reloads. Before, selected columns were reset on each update. See this issue.
- FEATURE: allow skipping
_stream:
prefix in stream filters. This simplifies writing queries with stream filters. Now{foo="bar"}
is the recommended format for stream filters over the_stream:{foo="bar"}
format. - FEATURE: allow using
-
instead of!
asNOT
operator shorthand in logical filters. For example,-info -warn
query is equivalent to!info !warn
. This simplifies transition from other query languages with full-text search support, which usually use-
asNOT
operator.
v0.30.1 #
Released at 2024-09-27
- BUGFIX: consistently return matching log streams sorted by time from
stream_context
pipe. Previously log streams could be returned in arbitrary order with every request. This could complicate usingstream_context
pipe. - BUGFIX:
stream_context
pipe: add missing_msg="---"
delimiter between stream contexts belonging to different log streams. This should simplify investigatingstream_context
output for multiple matching log streams.
v0.30.0 #
Released at 2024-09-27
FEATURE: web UI: add button for enabling auto refresh, similarly to VictoriaMetrics vmui. See this issue.
FEATURE: drop logs without
_msg
field or with empty_msg
field, since this field is required to be non-empty in VictoriaLogs data model. See this issue.FEATURE: improve performance of analytical queries, which do not need reading the
_time
field. See this issue.FEATURE: add
blocks_count
pipe, which can be used for counting the number of matching blocks for the given query. For example,_time:5m | blocks_count
returns the number of blocks with logs for the last 5 minutes. This pipe can be useful for debugging purposes.FEATURE: support ingesting logs with
_time
field, which doesn’t contain timezone information. For example,2024-09-20T10:20:30
. In this case the local timezone of the host where VictoriaLogs runs is used. See this issue.FEATURE: reduce memory usage when
stream_context
pipe is applied to log streams with big number of messages. See this issue.BUGFIX: fix Windows build, which has been broken in v0.29.0. See this issue.
BUGFIX: properly return logs from
/select/logsql/tail
endpoint if the query contains_time:some_duration
filter like_time:5m
. See this issue. The bug has been introduced in v0.29.0.BUGFIX: properly return logs without
_msg
field when*
query is passed to/select/logsql/query
endpoint together with positivelimit
arg. See this issue. Thanks to @jiekun for identifying the root cause of the issue.BUGFIX: support ingesting logs with
_time
field containing whitespace delimiter between the date and time instead ofT
delimiter. For example,2024-09-20 10:20:30
. This is valid ISO8601 format akaSQL datetime
format, which sometimes is used in production. See this issue.BUGFIX: return all the requested surrounding logs for
stream_context
pipe. Previously only logs matching the_time
filter were returned. This is needed for this feature.
v0.29.0 #
Released at 2024-09-08
FEATURE: add
/select/logsql/stats_query
HTTP API, which is going to be used by vmalert for executing alerting and recording rules against VictoriaLogs. See this feature request for details.FEATURE: add
/select/logsql/stats_query_range
HTTP API, which is going to be used by VictoriaLogs plugin for Grafana for building time series panels. See this feature request for details.FEATURE: optimize multi-exact queries with many phrases to search. For example,
ip:in(path:="/foo/bar" | keep ip)
when there are many unique values forip
field among log entries with/foo/bar
path.FEATURE: web UI: add support for displaying the top 5 log streams in the hits graph. The remaining log streams are grouped into an “other” label. See this issue.
FEATURE: web UI: add the ability to customize the graph display with options for bar, line, stepped line, and points.
FEATURE: web UI: add fields for setting AccountID and ProjectID. See this issue.
FEATURE: web UI: add a toggle button to the “Group” tab that allows users to expand or collapse all groups at once.
FEATURE: web UI: introduce the ability to select a key for grouping logs within the “Group” tab.
FEATURE: web UI: display the number of entries within each log group.
FEATURE: web UI: move the Markdown toggle to the general settings panel in the upper left corner.
FEATURE: web UI: add search functionality to the column display settings in the table. See this issue.
FEATURE: web UI: add the ability to select all columns in the column display settings of the table. See this issue. Thanks to @yincongcyincong for the pull request.
FEATURE: Allow to define ingestion parameters via headers. Supported headers -
VL-Msg-Field
,VL-Stream-Fields
,VL-Ignore-Fields
,VL-Time-Field
,VL-Debug
. See this PR for details.FEATURE: vlinsert: added OpenTelemetry logs ingestion support. See this PR for details.
BUGFIX: properly handle Logstash requests for Elasticsearch configuration when using
outputs.elasticsearch
in Logstash pipelines. Previously, the requests could be rejected with400 Bad Request
response. Updates this issue.BUGFIX: vmui: fix
not found index.js
error when loading vmui in VictoriaLogs. See this issue. Thanks to @yincongcyincong for the pull request.BUGFIX: properly execute queries with
OR
filters for distinct log fields. For example,field1:foo OR field2:bar
. Previously logs matching these filters may be skipped during querying. See this issue for details. Thanks to @yincongcyincong for the pull request.
v0.28.0 #
Released at 2024-07-10
- FEATURE: web UI: show a spinner on top of bar chart until user’s request is finished. See this issue.
- FEATURE: web UI: use compact representation of JSON lines at
JSON
tab if only a single log field is queried. See this feature request. - FEATURE: web UI: properly show the number of matching logs on the selected time range at bar chart for queries with arbitrary pipes, including
stats
pipe andtop
pipe.
v0.27.1 #
Released at 2024-07-05
- BUGFIX: properly JSON-encode strings with special chars in HTTP querying API responses. This fixes the
error decode response: invalid character 'x' in string escape code
error in VictoriaLogs datasource for Grafana. See this issue. The issue has been introduced in the release v0.9.0.
v0.27.0 #
Released at 2024-07-02
FEATURE: add
-syslog.useLocalTimestamp.tcp
and-syslog.useLocalTimestamp.udp
command-line flags, which could be used for using the local timestamp as_time
field for the logs ingested via the corresponding-syslog.listenAddr.tcp
/-syslog.listenAddr.udp
. By default the timestamp from the syslog message is used as_time
field. See these docs.BUGFIX: make slowly ingested logs visible for search as soon as they are ingested into VictoriaLogs. Previously slowly ingested logs could remain invisible for search for long time.
v0.26.1 #
Released at 2024-07-01
- BUGFIX: return the proper surrounding logs for
stream_context
pipe when additional pipes are put after thestream_context
pipe. This has been broken in v0.26.0.
v0.26.0 #
Released at 2024-07-01
- FEATURE: add ability to return log position (aka rank) after sorting logs with
sort
pipe. This can be done by addingrank as <fieldName>
to the end of| sort ...
pipe. For example,_time:5m | sort by (_time) rank as position
instructs storing position of every sorted log line intoposition
field name. - FEATURE: add delimiter log with
---
message between log chunks returned bystream_context
pipe. This should simplify investigation of the returned logs. - FEATURE: reduce memory usage when big number of context logs are requested from
stream_context
pipe.
v0.25.0 #
Released at 2024-06-28
FEATURE: add ability to select surrounding logs in front and after the selected logs via
stream_context
pipe. This functionality may be useful for investigating stacktraces, panics or some correlated log messages. This functionality is similar togrep -A
andgrep -B
.FEATURE: add ability to return top
N
"fields"
groups from/select/logsql/hits
HTTP endpoint, by specifyingfields_limit=N
query arg. This query arg is going to be used in this feature request.BUGFIX: fix
runtime error: index out of range [0] with length 0
panic when empty lines are ingested via Syslog format by Cisco controllers. See this issue.
v0.24.0 #
Released at 2024-06-27
FEATURE: add
/select/logsql/tail
HTTP endpoint, which can be used for live tailing of LogsQL query results. See these docs for details.FEATURE: add
/select/logsql/stream_ids
HTTP endpoint, which can be used for returning_stream_id
values with the number of hits for the given LogsQL query. See these docs for details.FEATURE: add
-retention.maxDiskSpaceUsageBytes
command-line flag, which allows limiting disk space usage for VictoriaLogs data by automatic dropping the oldest per-day partitions if the storage disk space usage becomes bigger than the-retention.maxDiskSpaceUsageBytes
. See these docs.BUGFIX: properly take into account query timeout specified via
-search.maxQueryDuration
command-line flag and/or viatimeout
query arg. Previously these timeouts could be ignored during query execution.BUGFIX: web UI: fix the update of the relative time range when
Execute Query
is clicked. See this issue.
v0.23.0 #
Released at 2024-06-25
FEATURE: syslog data ingestion: parse STRUCTURED-DATA into
SD-ID.field1=value1
,SD-ID.field2=value2
, …,SD-ID.fieldN=valueN
log fields. Previously theSTRUCTURED-DATA
was parsed into a single log field with theSD-ID
name andfield1=value1 field2=value2 ... fieldN=valueN
value. This could complicate querying of such data.BUGFIX: properly parse timestamps with timezones during data ingestion and querying. This has been broken in v0.20.0. See this issue.
v0.22.0 #
Released at 2024-06-24
- FEATURE: allow specifying multiple
_stream_id
values in_stream_id
filter via_stream_id:in(id1, ..., idN)
syntax. - FEATURE: allow specifying subquery for searching for
_stream_id
values inside_stream_id
filter. For example,_stream_id:in(_time:5m error | fields _stream_id)
returns logs for logs streams with theerror
word across logs for the last 5 minutes.
v0.21.0 #
Released at 2024-06-20
- FEATURE: web UI: add a bar chart displaying the number of log entries over a time range. See this issue.
- FEATURE: expose
_stream_id
field, which uniquely identifies log streams. This field can be used for quick obtaining of all the logs belonging to a particular stream via_stream_id
filter.
v0.20.2 #
Released at 2024-06-18
- BUGFIX: properly parse timestamps with nanosecond precision for logs ingested via jsonline format. The bug has been introduced in v0.20.0 release.
v0.20.1 #
Released at 2024-06-18
FEATURE: allow configuring multiple receivers with distinct configs for syslog messages. See these docs.
BUGFIX: properly read syslog messages over TCP and TLS connections according to RFC5425 when data ingestion for syslog protocol is enabled.
v0.20.0 #
Released at 2024-06-17
- FEATURE: add ability to accept logs in Syslog format. See these docs.
- FEATURE: add ability to specify timezone offset when parsing rfc3164 syslog messages with
unpack_syslog
pipe. - FEATURE: add
top
pipe for returning top N sets of the given fields with the maximum number of matching log entries.
v0.19.0 #
Released at 2024-06-11
FEATURE: do not allow starting the filter with pipe names and stats function names. This prevents from unexpected results returned by incorrect queries, which miss mandatory filter.
FEATURE: treat unexpected syslog message as RFC3164 containing only the
message
field when usingunpack_syslog
pipe.FEATURE: allow using
where
prefix instead offilter
prefix infilter
pipe.FEATURE: disallow unescaped
!
char in LogsQL queries, since it permits writing incorrect query, which may look like correct one. For example,foo!:bar
instead offoo:!bar
.FEATURE: web UI: add markdown support to the
Group
view. See this pull request.BUGFIX: return back the improved performance for queries with
*
filters (akaSELECT *
). This has been broken in v0.16.0.
v0.18.0 #
Released at 2024-06-06
- FEATURE: web UI: improve displaying of logs. See this pull request and the following issues: 6408, 6405, 6406 and 6407.
- FEATURE: add support for day range filter and week range filter. These filters allow selecting logs on a particular time range per every day or on a particular day of the week.
- FEATURE: allow using
eval
instead ofmath
keyword inmath
pipe.
v0.17.0 #
Released at 2024-06-05
FEATURE: add
pack_logfmt
pipe for formatting log fields into logfmt messages.FEATURE: allow using IPv4 addresses in range comparison filters. For example,
ip:>'12.34.56.78'
is valid filter now.FEATURE: add
ceil()
andfloor()
functions tomath
pipe.FEATURE: add support for bitwise
and
,or
andxor
operations atmath
pipe.FEATURE: add support for automatic conversion of RFC3339 time and IPv4 addresses into numeric representation at
math
pipe.FEATURE: add ability to format numeric fields into string representation of time, duration and IPv4 with
format
pipe.FEATURE: set
format
field torfc3164
orrfc5424
depending on the Syslog format parsed viaunpack_syslog
pipe.BUGFIX: always respect the limit set in
limit
pipe. Previously the limit could be exceeded in some cases.
v0.16.0 #
Released at 2024-06-04
- FEATURE: add
unpack_syslog
pipe for unpacking syslog messages from log fields. - FEATURE: parse timestamps in
_time
filter with nanosecond precision. - FEATURE: return the last
N
matching logs from/select/logsql/query
HTTP API with the maximum timestamps iflimit=N
query arg is passed to it. Previously a random subset of matching logs could be returned, which could complicate investigation of the returned logs. - FEATURE: add
drop_empty_fields
pipe for dropping log fields with empty values.
v0.15.0 #
Released at 2024-05-30
FEATURE: add
row_any
function forstats
pipe. This function returns a sample log entry per every calculated group of results.FEATURE: add
default
operator tomath
pipe. It allows overridingNaN
results with the given default value.FEATURE: add
exp()
andln()
functions tomath
pipe.FEATURE: allow omitting result name in
math
pipe expressions. In this case the result name is automatically set to string representation of the corresponding math expression. For example,_time:5m | math duration / 1000
is equivalent to_time:5m | math (duration / 1000) as "duration / 1000"
.FEATURE: allow omitting result name in
stats
pipe. In this case the result name is automatically set to string representation of the corresponding stats function expression. For example,_time:5m | count(*)
is valid LogsQL query now. It is equivalent to_time:5m | stats count(*) as "count(*)"
.BUGFIX: properly calculate the number of matching rows in
* | field_values x | stats count() rows
and in* | unroll (x) | stats count() rows
queries.
v0.14.0 #
Released at 2024-05-29
FEATURE: allow specifying fields, which must be packed into JSON in
pack_json
pipe viapack_json fields (field1, ..., fieldN)
syntax.BUGFIX: properly apply
if (...)
filters to calculated results instats
pipe when grouping by fields is enabled. For example,_time:5m | stats by (host) count() logs, count() if (error) errors
now properly calculates per-host
errors
.
v0.13.0 #
Released at 2024-05-28
- FEATURE: add
extract_regexp
pipe for extracting arbitrary substrings from log fields with RE2 regular expressions. - FEATURE: add
math
pipe for mathematical calculations over log fields. - FEATURE: add
field_values
pipe, which returns unique values for the given log field. - FEATURE: allow omitting
stats
prefix instats
pipe. For example,_time:5m | count() rows
is a valid query now. It is equivalent to_time:5m | stats count() as rows
. - FEATURE: allow omitting
filter
prefix infilter
pipe if the filter doesn’t clash with pipe names. For example,_time:5m | stats by (host) count() rows | rows:>1000
is a valid query now. It is equivalent to_time:5m | stats by (host) count() rows | filter rows:>1000
. - FEATURE: allow
head
pipe without number. For example,error | head
. In this case 10 first values are returned ashead
Unix command does by default. - FEATURE: allow using comparison filters with strings. For example,
some_text_field:>="foo"
matches log entries withsome_text_field
field values bigger or equal tofoo
.
v0.12.1 #
Released at 2024-05-26
FEATURE: add support for comments in multi-line LogsQL queries. See these docs.
BUGFIX: properly apply
in(...)
filter insideif (...)
conditions at various pipes. This bug has been introduced in v0.12.0.
v0.12.0 #
Released at 2024-05-26
FEATURE: add
pack_json
pipe, which packs all the log fields into a JSON object and stores it into the given field.FEATURE: add
unroll
pipe, which can be used for unrolling JSON arrays stored in log fields.FEATURE: add
replace_regexp
pipe, which allows updating log fields with regular expressions.FEATURE: improve performance for
/select/logsql/field_names
HTTP API.BUGFIX: prevent from panic in
sort
pipe when VictoriaLogs runs on a system with one CPU core.BUGFIX: do not return referenced fields if they weren’t present in the original logs. For example,
_time:5m | format if (non_existing_field:"") "abc"
could return emptynon_exiting_field
, while it shouldn’t be returned because it is missing in the original logs.BUGFIX: properly initialize values for
in(...)
filter insidefilter
pipe if thein(...)
contains other filters. For example,_time:5m | filter ip:in(user_type:admin | fields ip)
now works correctly.
v0.11.0 #
Released at 2024-05-25
- FEATURE: add
replace
pipe, which allows replacing substrings in log fields. - FEATURE: support comparing log field values with special numeric values. For example,
duration:>1.5s
andresponse_size:<15KiB
are valid filters now. - FEATURE: properly sort durations and short numeric values in
sort
pipe. For example,10s
goes in front of1h
, while10KB
goes in front of1GB
. - FEATURE: add an ability to preserve the original non-empty field values when executing
extract
,unpack_json
,unpack_logfmt
andformat
pipes. - FEATURE: add an ability to preserve the original field values if the corresponding unpacked values are empty when executing
extract
,unpack_json
,unpack_logfmt
andformat
pipes.
v0.10.0 #
Released at 2024-05-24
FEATURE: return the number of matching log entries per returned value in HTTP API results. This simplifies detecting field / stream values with the biggest number of logs for the given LogsQL query.
FEATURE: improve performance for regexp filter in the following cases:
- If the regexp contains just a phrase without special regular expression chars. For example,
~"foo"
. - If the regexp starts with
.*
or ends with.*
. For example,~".*foo.*"
. - If the regexp contains multiple strings delimited by
|
. For example,~"foo|bar|baz"
. - If the regexp contains multiple words. For example,
~"foo bar baz"
.
- If the regexp contains just a phrase without special regular expression chars. For example,
FEATURE: allow disabling automatic unquoting of the matched placeholders in
extract
pipe. See these docs.BUGFIX: properly parse
!
in front of exact filter, exact-prefix filter and regexp filter. For example,!~"some regexp"
is properly parsed asnot ="some regexp"
. Previously it was incorrectly parsed as'~="some regexp"'
phrase filter.BUGFIX: properly sort results by
_time
field whenlimit
pipe is applied. For example,_time:5m | sort by (_time) desc | limit 10
properly works now.
v0.9.1 #
Released at 2024-05-22
v0.9.0 #
Released at 2024-05-22
FEATURE: allow using
~"some_regexp"
regexp filter instead ofre("some_regexp")
.FEATURE: allow using
="some phrase"
exact filter instead ofexact("some phrase")
.FEATURE: allow using
="some prefix"*
exact prefix filter instead ofexact("some prefix"*)
.FEATURE: add ability to generate output fields according to the provided format string. See these docs.
FEATURE: add ability to extract fields with
extract
pipe only if the given condition is met. See these docs.FEATURE: add ability to unpack JSON fields with
unpack_json
pipe only if the given condition is met. See these docs.FEATURE: add ability to unpack logfmt fields with
unpack_logfmt
pipe only if the given condition is met. See these docs.FEATURE: add
row_min
androw_max
functions forstats
pipe, which allow returning all the log fields for the log entry with the minimum / maximum value at the given field.FEATURE: add
/select/logsql/streams
HTTP endpoint for returning streams from results of the given query. See these docs for details.FEATURE: add
/select/logsql/stream_field_names
HTTP endpoint for returning stream field names from results of the given query. See these docs for details.FEATURE: add
/select/logsql/stream_field_values
HTTP endpoint for returning stream field values for the given label from results of the given query. See these docs for details.FEATURE: web UI: change time range limitation from
_time
in the expression tostart
andend
query args.BUGFIX: fix
invalid memory address or nil pointer dereference
panic when usingextract
,unpack_json
orunpack_logfmt
pipes. See this issue.BUGFIX: web UI: fix an issue where logs with long
_msg
values might not display. See this issue.BUGFIX: properly handle time range boundaries with millisecond precision. See this issue.
v0.8.0 #
Released at 2024-05-20
FEATURE: add ability to extract JSON fields from log fields. See these docs.
FEATURE: add ability to extract logfmt fields from log fields. See these docs.
FEATURE: add ability to extract arbitrary text from log fields into the output fields. See these docs.
FEATURE: add ability to put arbitrary queries inside
in()
filter.FEATURE: add support for post-filtering of query results with
filter
pipe.FEATURE: allow applying individual filters per each stats function. See these docs.
FEATURE: allow passing string values to
min
andmax
functions. Previously only numeric values could be passed to them.FEATURE: speed up
sort ... limit N
pipe for typical cases.FEATURE: allow using more convenient syntax for
range
filters if upper or lower bound isn’t needed. For example, it is possible to writeresponse_size:>=10KiB
instead ofresponse_size:range[10KiB, inf)
, ortemperature:<42
instead oftemperature:range(-inf, 42)
.FEATURE: add
/select/logsql/hits
HTTP endpoint for returning the number of matching logs per the given time bucket over the selected time range. See these docs for details.FEATURE: add
/select/logsql/field_names
HTTP endpoint for returning field names from results of the given query. See these docs for details.FEATURE: add
/select/logsql/field_values
HTTP endpoint for returning unique values for the given field obtained from results of the given query. See these docs for details.BUGFIX: properly take into account
offset
atsort
pipe when it already haslimit
. For example,_time:5m | sort by (foo) offset 20 limit 10
.
v0.7.0 #
Released at 2024-05-15
- FEATURE: add support for optional
start
andend
query args to HTTP querying API, which can be used for limiting the time range for LogsQL query. - FEATURE: add ability to return the first
N
results fromsort
pipe. This is useful whenN
biggest orN
smallest values must be returned from large amounts of logs. - FEATURE: add
quantile
andmedian
stats functions.
v0.6.1 #
Released at 2024-05-14
FEATURE: use natural sort order when sorting logs via
sort
pipe.BUGFIX: properly return matching logs in streams with small number of entries. Previously they could be skipped. The issue has been introduced in the release v0.6.0.
BUGFIX: fix
runtime error: index out of range
panic when usingsort
pipe like_time:1h | sort by (_time)
. See this issue.
v0.6.0 #
Released at 2024-05-12
FEATURE: return all the log fields by default in query results. Previously only
_stream
,_time
and_msg
fields were returned by default.FEATURE: add support for returning only the requested log fields. See these docs.
FEATURE: add support for calculating various stats over log fields. Grouping by arbitrary set of log fields is supported. See these docs for details.
FEATURE: add support for sorting the returned results. See these docs.
FEATURE: add support for returning unique results. See these docs.
FEATURE: add support for limiting the number of returned results. See these docs.
FEATURE: add support for copying and renaming the selected log fields. See these and these docs.
FEATURE: allow using
_
inside numbers. For example,score:range[1_000, 5_000_000]
forrange
filter.FEATURE: allow numbers in hexadecimal and binary form. For example,
response_size:range[0xff, 0b10001101101]
forrange
filter.FEATURE: allow using duration and byte size suffixes in numeric values inside LogsQL queries. See these docs.
FEATURE: improve data ingestion performance by up to 50%.
FEATURE: optimize performance for LogsQL query, which contains multiple filters for words or phrases delimited with
AND
operator. For example,foo AND bar
query must find log messages withfoo
andbar
words at faster speed.BUGFIX: prevent from possible corruption of short log fields during data ingestion.
BUGFIX: prevent from additional CPU usage for up to a few seconds after canceling the query.
BUGFIX: prevent from returning log entries with empty
_stream
field in the form"_stream":""
in search query results. See this issue.
v0.5.2 #
Released at 2024-04-11
- BUGFIX: properly register new log streams under high data ingestion rate. The issue has been introduced in v0.5.0.
v0.5.1 #
Released at 2024-04-04
- BUGFIX: properly apply time range filter for queries containing
OR
operators. See this issue. - BUGFIX: do not log debug lines
DEBUG: start trimLines
andDEBUG: end trimLines
. This bug has been introduced in v0.5.0 in this commit.
v0.5.0 #
Released at 2024-03-01
FEATURE: support the ability to limit the number of returned log entries from HTTP querying API by passing
limit
query arg. Previously all the matching log entries were returned until closing the response stream. See this feature request. Thanks to @dmitryk-dk for the pull request.BUGFIX: do not panic on incorrect regular expression in stream filter. Thanks to @XLONG96 for the bugfix.
BUGFIX: properly determine when the assisted merge is needed. Previously the logs for determining whether the assisted merge is needed was broken. This could lead to too big number of parts under high data ingestion rate. Thanks to @lujiajing1126 for the fix.
BUGFIX: properly stop execution of aborted query when the query doesn’t contain
_stream
filter. Previously such a query could continue consuming resources after being aborted by the client. Thanks to @z-anshun for the fix.
v0.4.2 #
Released at 2023-11-15
- BUGFIX: properly locate logs for the requested streams. Previously logs for some streams may be missing in query results. See this issue. Thanks to @XLONG96 for the fix!
- BUGFIX: web UI: properly sort found logs by time. See this issue.
v0.4.1 #
Released at 2023-10-04
- BUGFIX: fix the free space verification process in VictoriaLogs that was erroneously shifting to read-only mode, despite there being sufficient free space available. See this issue.
v0.4.0 #
Released at 2023-10-03
FEATURE: add
-elasticsearch.version
command-line flag, which can be used for specifying Elasticsearch version returned by VictoriaLogs to Filebeat at elasticsearch bulk API. This helps resolving this issue.FEATURE: expose the following metrics at /metrics page:
vl_data_size_bytes{type="storage"}
- on-disk size for data excluding log stream indexes.vl_data_size_bytes{type="indexdb"}
- on-disk size for log stream indexes.
FEATURE: add
-insert.maxFieldsPerLine
command-line flag, which can be used for limiting the number of fields per line in logs sent to VictoriaLogs via ingestion protocols. This helps to avoid issues like this.FEATURE: expose
vl_http_request_duration_seconds
histogram at the /metrics page. Thanks to @crossoverJie for this pull request.FEATURE: add support of
-storage.minFreeDiskSpaceBytes
command-line flag to allow switching to read-only mode when running out of disk space at-storageDataPath
. See this issue.BUGFIX: fix possible panic when no data is written to VictoriaLogs for a long time. See this issue. Thanks to @crossoverJie for filing and fixing the issue.
BUGFIX: add
/insert/loki/ready
endpoint, which is used by Promtail for healthchecks. This should removeunsupported path requested: /insert/loki/ready
warning logs. See this comment.BUGFIX: prevent from panic during background merge when the number of columns in the resulting block exceeds the maximum allowed number of columns per block. See this issue.
v0.3.0 #
Released at 2023-07-20
- FEATURE: add support for data ingestion via Promtail (aka default log shipper for Grafana Loki). See these and these docs.
v0.2.0 #
Released at 2023-07-17
- FEATURE: support short form of
_time
filters over the last X minutes/hours/days/etc. For example,_time:5m
is a short form for_time:(now-5m, now]
, which matches logs with timestamps for the last 5 minutes. See these docs for details. - FEATURE: add ability to specify offset for the selected time range. For example,
_time:5m offset 1h
is equivalent to_time:(now-5m-1h, now-1h]
. See these docs for details. - FEATURE: LogsQL: replace
exact_prefix("...")
withexact("..."*)
. This makes it consistent with i() filter, which can accept phrases and prefixes, e.g.i("phrase")
andi("phrase"*)
. See these docs.
v0.1.0 #
Released at 2023-06-21
Initial release