I am trying to get logs from gcloud(GKE) to count the number of different HTTP error codes.. here is my command:
gcloud logging read "resource.type=container AND resource.labels.cluster_name=AAA AND resource.labels.namespace_id=BBB AND timestamp>=(2018-09-21T13:20:00Z) AND timestamp<=(2018-09-21T13:30:00Z)" |grep -i textpayload -A 1| grep 'GET\|POST\|PUT\|DELETE\|HEAD' | grep -v null | awk '{print $9}' | sort | uniq -c | sort -rn
If I remove the "timestamp" and use "--limit" it gives me output and everything is fine but I want to get logs for a particular period and as per documentation I should use "timestamp" filter but this is giving me following error:
ERROR: (gcloud.logging.read) INVALID_ARGUMENT: Unparseable filter: syntax error at line 1, column 155, token ':'; syntax error at line 1, column 193, token ':'
Please help me with correct syntax of specifying timestamps
You must escape the timestamp strings (and all the other string values within your filter string).
I know! It's not my favorite either but...
gcloud logging read "timestamp>=\"2018-09-21T13:20:00Z\" AND timestamp<=\"2018-09-21T13:30:00Z\""