Skip to main content
Google Cloud Logging is where your Google Cloud projects collect their logs. Investigations query it to read what your services logged around the time of an incident — the errors, the failed requests, the message that started appearing after a deploy.
Cloud Logging is connected through Google Cloud. Connect Google Cloud once, then enable the projects you want investigations to read — there’s nothing to set up for Cloud Logging on its own.

What we support

Investigations query Cloud Logging with the Logging query language — the same filter expressions you’d write in the Logs Explorer. They use it to:
  • Read log lines — pull back what a service logged in the incident window, scoped to a project.
  • Narrow by resource — filter to a resource type and its labels, so a query reaches one GKE namespace, one Cloud SQL instance, or one Cloud Run service rather than everything in the project.
  • Filter on severity — Cloud Logging orders severity numerically, so investigations can ask for everything at ERROR and above and let warnings and info fall away.

Querying structured and unstructured logs

Cloud Logging holds both plain text logs and structured JSON, and the useful detail often lives inside the payload. Investigations query both: a free-text search across textPayload and jsonPayload.message, or a precise filter on a nested field such as a status code, a request method, or an HTTP latency. They reach into the request metadata too, so a query can find every 5xx from a load balancer or every request slower than a threshold. A query can answer questions like:
Did the checkout service log any errors in the ten minutes after the deploy?
Which namespace was throwing connection-refused errors during the outage?
Were the load balancer’s 5xx responses concentrated on one backend?

Knowing what’s in each project

A project can hold many kinds of workload, and a query only works if it names the right resource type and labels. Investigations learn what each enabled project actually runs — its GKE clusters, Cloud SQL instances, Cloud Run services, and the resource types generating logs — so they query the resources that matter instead of guessing. How that works is covered in How telemetry works.

Connecting Cloud Logging

Cloud Logging is connected through Google Cloud. Connect Google Cloud with a service account that can read logs, then enable the projects your team runs production workloads in. Each project is disabled by default, so you opt in deliberately; enabling one turns on its Cloud Logging access.

Best practice

  • Enable the projects your responders actually investigate, rather than every project the service account can reach.
  • Grant the service account read-only logging access. Investigations only ever read from Cloud Logging.

Google Cloud

The provider Cloud Logging is connected through.

How telemetry works

How investigations query your logs.