[{"content":" View Badge Details The Catalyst: Why CKS? After successfully completing my CKA certification journey, it was time to attempt the next challenge: CKS, which is the toughest one in the series of Kubernetes certifications. The CKS certification preparation has taught me more about Kubernetes than I initially expected, providing complete knowledge about Linux kernel fundamentals and transforming how I should think from perspective of a security professional when working with Kubernetes and implementing best practices.\nThe CKS exam goes beyond basic Kubernetes knowledge, diving deep into security hardening, threat detection, and implementing defense-in-depth strategies that are essential for production environments.\nThe Preparation Strategy I started by understanding the CKS curriculum domains and their weightage:\nCluster Setup (15%): Network security policies, CIS benchmarks, TLS configuration Cluster Hardening (15%): RBAC, service accounts, API access restrictions System Hardening (10%): Host OS security, kernel hardening tools Minimize Microservice Vulnerabilities (20%): Pod security standards, secrets management, isolation techniques Supply Chain Security (20%): Image security, SBOM, static analysis Monitoring, Logging and Runtime Security (20%): Behavioral analytics, audit logs, runtime protection Practice Environment Setup:\nKillerCoda CKS Playgrounds - Essential for real-world practice scenarios Local Kubernetes clusters with security configurations Various security tools and scanners Exam Simulation As the exam date approached, I intensified my practice with:\n2 Killer.sh CKS simulations (included with exam purchase) Time management strategies for security tasks Documentation navigation for security tools Essential Learning Resources KillerCoda Playgrounds The KillerCoda CKS playgrounds were invaluable for hands-on practice. 
These environments provide:\nReal-world scenarios: Practical security challenges you\u0026rsquo;ll face in production Tool familiarity: Hands-on experience with security scanning tools YouTube Learning Resource I found this free comprehensive CKS preparation video extremely helpful for understanding the key concepts; it\u0026rsquo;s worth 11 hours of understanding the complete working of Kubernetes in a Linux environment and how to secure it!\nImportant Note: While this video is excellent, it\u0026rsquo;s not completely up-to-date and misses coverage of 4 critical topics:\nCilium: Network security and service mesh capabilities PodSecurityStandards: The newer pod security model SBOM (Software Bill of Materials): Supply chain security documentation Istio fundamentals: Service mesh security implementation I supplemented this video with additional resources to cover these gaps.\nFrom an exam perspective, here are the key areas to practice, as questions will definitely come from them: 1. Cluster Security Hardening Service Account Security:\nDisabling default service accounts Implementing least-privilege access Regular access reviews and audits Projected volumes and securing the service account token Kubernetes metadata service hardening Cluster upgrades kube-bench:\nCIS Kubernetes benchmark implementation and remediation 2. Pod Security Standards Understanding the Pod Security Standards:\napiVersion: v1\nkind: Namespace\nmetadata:\n  name: secure-namespace\n  labels:\n    pod-security.kubernetes.io/enforce: restricted\n    pod-security.kubernetes.io/audit: restricted\n    pod-security.kubernetes.io/warn: restricted\nUnderstanding how deployments behave when these standards are enforced and how to fix them 3. 
Network Security Policies Implementing micro-segmentation and network isolation:\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n  name: deny-all-ingress\nspec:\n  podSelector: {}\n  policyTypes:\n  - Ingress\nConfiguring and whitelisting networking policies on top of existing deny policies Istio configuration and strict mTLS 4. Supply Chain Security Image Security Practices:\nTrivy \u0026amp; vulnerability scanning SBOM generation and validation of images containing given dependencies Static Analysis Tools:\nKubesec for Kubernetes manifest analysis Trivy for container image scanning Manual static analysis and knowledge of best practices for writing Dockerfiles and deployment files 5. Runtime Security Monitoring and Detection:\nKubernetes audit logging configuration from scratch Behavioral analytics for anomaly detection - mainly using Linux process commands and finding misbehaving containers/pods Runtime security tools (Falco) The Challenges I Faced 1. Time Management Under Pressure The CKS exam is even more time-constrained than CKA, with complex security configurations requiring careful implementation. 
Key strategies:\nPrioritize high-weightage domains Master security tool commands Practice documentation navigation Kubectl shortcuts and aliases: Essential for time management The Exam Day Experience Key Observations:\nPrerequisite requirement: CKA certification must be completed before attempting CKS Security-focused environment: Exam emphasizes practical security implementation Tool familiarity crucial: Quick navigation through security scanning tools Documentation reliance: Efficient use of Kubernetes and security documentation Time pressure: 2 hours for complex security scenarios Exam Tips:\nRead security requirements carefully - precision matters in security configurations Use kubectl shortcuts and aliases extensively Practice with various security tools before the exam Understand the relationship between different security controls Conclusion The CKS certification journey has been one of the most challenging and rewarding experiences in my professional development. It\u0026rsquo;s not just about passing an exam, but about developing a security-first mindset that permeates every aspect of Kubernetes work.\nFor anyone considering the CKS certification, I encourage you to approach it as a learning journey rather than just an exam. The knowledge gained will not only help you pass the certification but will fundamentally improve how you think about and implement security in your Kubernetes environments.\nGood luck and Stay Curious!\nThis post shares my personal experience with CKS certification preparation. 
I hope these insights help others on their Kubernetes security journey.\n","permalink":"https://www.blog.curiouschanakya.com/posts/personal-learnings/cks-certification-journey/","summary":"My comprehensive journey through the Certified Kubernetes Security Specialist (CKS) certification, sharing insights, challenges, and strategies for success in Kubernetes security.","title":"My CKS Certification Journey"},{"content":" View Badge Details \u0026ldquo;The only way to do great work is to love what you do.\u0026rdquo; - Steve Jobs\nThe Catalyst: Why CKA? After working with Kubernetes in production environments for the past 4 years, I realized it\u0026rsquo;s time to test these skills with a proper certification where its preparation process will help me with deep, systematic understanding that comes with it. The CKA exam, with its focus on real-world scenarios and hands-on problem-solving, seemed like the perfect challenge.\nThe Preparation Strategy Phase 1: Foundation Building (Weeks 1) I started by taking a brutally honest assessment of my Kubernetes knowledge. Using the official CKA curriculum as my guide, and one of the best known preparation course \u0026amp; Mock exams from Mumshad Mannambeth.\nKey Resources:\nOfficial Kubernetes documentation Kubernetes: The Hard Way by Kelsey Hightower CKA exam curriculum breakdown Killer.sh CKA practice environment Phase 2: Hands-on Practice (Weeks 2-3) This was where the real learning happened. 
I set up multiple Kubernetes clusters using different methods:\nMinikube for local development: to understand the no-automation approach kubeadm for cluster setup practice: this is what the real exam is based on Daily Routine:\n2 hours of hands-on practice 1 hour of theory review 30 minutes of exam simulation Practice Environment Setup.\nNote: When you purchase the CKA certification course, they provide 2 simulators to practice on for free.\nPhase 3: Exam Simulation (Weeks 3-4) As the exam date approached, I shifted focus to exam-specific preparation. I practiced with:\nKiller.sh CKA simulations Mock exams from various platforms like KodeKloud Time management strategies Killer.sh Practice Experience One of the most valuable parts of my preparation was using the Killer.sh CKA simulators. These practice environments closely mimic the actual exam conditions and were instrumental in building my confidence.\nWhat Made Killer.sh Effective The simulators provided:\nRealistic exam environment: The interface closely matches the actual CKA exam Diverse scenarios: Each simulation covers different aspects of the curriculum Time pressure: Learning to work efficiently under time constraints Troubleshooting practice: Real-world problems that require systematic debugging Killer.sh is quite hard compared to the real exam, but it is quite a useful resource. At the end they also provide solutions, which helps with refining the approach.\nMy Practice Routine I completed both Killer.sh simulations, focusing on:\nCluster setup and configuration: Understanding kubeadm, cluster initialization, and node management Application lifecycle: Deployments, rolling updates, and rollbacks, and also using Helm and CRDs. 
Troubleshooting: Debugging failing pods, static pods, network issues, and resource constraints Security: RBAC, network policies, and pod security standards Storage: Persistent volumes, storage classes, and volume mounting Networking: Services, ingress, and network troubleshooting, The new Gateway API and HTTPRoute vs ingress. Key Learnings from Practice The simulations taught me to:\nRead questions carefully: Understanding exactly what\u0026rsquo;s being asked Use documentation efficiently: Quick navigation through Kubernetes docs Debug systematically: Following a logical troubleshooting approach Manage time effectively: Knowing when to move on from difficult problems The Challenges I Faced 1. Time Management Under Pressure The CKA exam is a race against time. With 2 hours to complete 15-20 tasks, every minute counts. I learned to:\nSkip difficult questions initially and return later Use kubectl shortcuts and aliases (essential!) Master the art of quick troubleshooting, (kube-api-servers, kubelet, etcd troubleshootings!) 2. Balancing Work and Study Working full-time while preparing for CKA was challenging. I had to be strategic about my time, often studying during lunch breaks and early mornings. Setting realistic goals and maintaining consistency was crucial.\nThe Exam Day Experience Test environment is not your friend - Linux Foundation has done a poor job with providing the testing environment which tests a lot of patience. The testing environment lags at times, copy-paste doesn\u0026rsquo;t work and in my case resolution was messed up. I lost crucial 10 minutes trying to set it up! Trust your preparation - you\u0026rsquo;ve put in the work Read questions carefully - don\u0026rsquo;t rush through them Don\u0026rsquo;t panic if something doesn\u0026rsquo;t work immediately Use the documentation effectively - it\u0026rsquo;s your lifeline Real exam environments are Linux-based and if you use Mac like me, copy-pasting is a difficult task in it! 
Practice this as much as you can and be good with implicit commands of kubectl and documentation search, also learn vim tips The Aftermath: Beyond the Certification If you are curious my exam score was 85% in first attempt ( passing was 66% ), but Passing the CKA exam was just the beginning. The real value came from:\n1. Enhanced Problem-Solving Skills The exam preparation taught me to approach Kubernetes problems systematically, breaking them down into manageable components. I am pretty sure this mindset will be invaluable in my daily work.\n2. Increased Confidence Having the certification gave me the confidence to take on more complex projects and mentor others in my team. It validated my knowledge and expertise.\n3. Career Opportunities The CKA certification opened doors to new opportunities and helped me stand out in a competitive job market. It\u0026rsquo;s a recognized credential that employers value.\nWhat\u0026rsquo;s Next? The CKA certification was just one milestone in my continuous learning journey for this year. Next milestone is CKS certification and deepening my expertise in Kubernetes security and hardening. The key is to keep learning, keep growing, and staying curious!\n\u0026ldquo;The expert in anything was once a beginner.\u0026rdquo; - Helen Hayes\nThis post shares my personal experience with CKA certification preparation. I hope these insights are helpful for others considering this journey.\n","permalink":"https://www.blog.curiouschanakya.com/posts/personal-learnings/cka-certification-journey/","summary":"My personal approach through the Certified Kubernetes Administrator (CKA) certification process, sharing insights, challenges, and few strategies for success.","title":"My CKA Certification Journey"},{"content":" \u0026ldquo;The only way to do great work is to love what you do.\u0026rdquo; - Steve Jobs\nWhen I first heard about the Certified Kubernetes Administrator (CKA) certification, I was both excited and terrified. 
As someone who had been working with Kubernetes for a couple of years, I knew the exam was notorious for its hands-on, practical approach. But little did I know that this journey would transform not just my technical skills, but also my confidence and career trajectory.\nThe Catalyst: Why CKA? The decision to pursue CKA wasn\u0026rsquo;t made in a vacuum. After working with Kubernetes in production environments, I realized that while I could deploy applications and troubleshoot basic issues, I lacked the deep, systematic understanding that comes with formal certification. The CKA exam, with its focus on real-world scenarios and hands-on problem-solving, seemed like the perfect challenge to bridge that gap.\nThe Preparation Strategy Phase 1: Foundation Building (Weeks 1-2) I started by taking a brutally honest assessment of my Kubernetes knowledge. Using the official CKA curriculum as my guide, I identified knowledge gaps and created a structured study plan. The key was not to rush but to build a solid foundation.\nKey Resources:\nOfficial Kubernetes documentation (my bible) Kubernetes: The Hard Way by Kelsey Hightower CKA exam curriculum breakdown Phase 2: Hands-on Practice (Weeks 3-6) This was where the real learning happened. I set up multiple Kubernetes clusters using different methods:\nMinikube for local development kubeadm for cluster setup practice Cloud providers for production-like environments Daily Routine:\n2 hours of hands-on practice 1 hour of theory review 30 minutes of exam simulation Phase 3: Exam Simulation (Weeks 7-8) As the exam date approached, I shifted focus to exam-specific preparation. I practiced with:\nKiller.sh CKA simulations Mock exams from various platforms Time management strategies The Challenges I Faced 1. Time Management Under Pressure The CKA exam is a race against time. With 2 hours to complete 15-20 tasks, every minute counts. 
I learned to:\nSkip difficult questions initially and return later Use kubectl shortcuts and aliases Master the art of quick troubleshooting 2. The Imposter Syndrome There were moments when I questioned whether I was ready. The complexity of some scenarios made me doubt my abilities. But I learned that this is normal and part of the growth process.\n3. Balancing Work and Study Working full-time while preparing for CKA was challenging. I had to be strategic about my time, often studying during lunch breaks and early mornings.\nThe Breakthrough Moments Understanding the \u0026ldquo;Why\u0026rdquo; Behind Commands Instead of memorizing commands, I focused on understanding the underlying concepts. Why does kubectl get pods work? What happens when you apply a YAML file? This deep understanding made me more confident and adaptable.\nBuilding Muscle Memory Through repetitive practice, I developed muscle memory for common tasks. This was crucial during the exam when time was limited and stress was high.\nThe Exam Day Experience The day of the exam was a mix of excitement and nervousness. The proctored environment added to the pressure, but my preparation paid off. The key was staying calm and methodical, even when faced with unfamiliar scenarios.\nWhat I Learned:\nTrust your preparation Read questions carefully Don\u0026rsquo;t panic if something doesn\u0026rsquo;t work immediately Use the documentation effectively The Aftermath: Beyond the Certification Passing the CKA exam was just the beginning. The real value came from:\n1. Enhanced Problem-Solving Skills The exam preparation taught me to approach Kubernetes problems systematically, breaking them down into manageable components.\n2. Increased Confidence Having the certification gave me the confidence to take on more complex projects and mentor others in my team.\n3. 
Career Opportunities The CKA certification opened doors to new opportunities and helped me stand out in a competitive job market.\nTips for Future CKA Aspirants 1. Start with the Basics Don\u0026rsquo;t rush into advanced topics. Build a strong foundation in Kubernetes fundamentals.\n2. Practice, Practice, Practice The CKA exam is hands-on. You can\u0026rsquo;t pass by just reading books or watching videos.\n3. Use the Official Documentation During the exam, you have access to the official Kubernetes documentation. Learn to navigate it efficiently.\n4. Join a Community Connect with other CKA aspirants. Share experiences, ask questions, and learn from each other.\n5. Don\u0026rsquo;t Give Up The journey is challenging, but the rewards are worth it. Stay persistent and believe in yourself.\nThe Real Victory While the certification badge is nice, the real victory was the transformation in my approach to learning and problem-solving. The CKA journey taught me that with the right mindset, preparation, and persistence, any technical challenge can be overcome.\nWhat\u0026rsquo;s Next? The CKA certification was just one milestone in my continuous learning journey. I\u0026rsquo;m now exploring other certifications and deepening my expertise in cloud-native technologies. The key is to keep learning, keep growing, and never stop being curious.\n\u0026ldquo;The expert in anything was once a beginner.\u0026rdquo; - Helen Hayes\nIf you\u0026rsquo;re considering the CKA certification, I encourage you to take the leap. The journey is challenging, but the skills, confidence, and opportunities it brings are invaluable. Remember, every expert was once a beginner, and every certification journey starts with a single step.\nReady to start your CKA journey? Share your experiences and questions in the comments below. Let\u0026rsquo;s learn and grow together!\nThis post is part of my personal blog series on certification preparation. 
Stay tuned for more insights on professional development and technical growth.\n","permalink":"https://www.blog.curiouschanakya.com/personal/certification-preparation/cka-certification-journey/","summary":"A personal journey through the Certified Kubernetes Administrator (CKA) certification process, sharing insights, challenges, and strategies for success.","title":"My CKA Certification Journey: From Doubt to Victory"},{"content":" In the realm of monitoring and observability, understanding and effectively utilizing query languages is crucial. LogQL, a powerful query language designed for querying logs in Loki, has gained significant popularity for its flexibility and efficiency. One of its key features is pattern matching, which allows users to filter and extract relevant log entries based on specific criteria. In this guide, we\u0026rsquo;ll delve into LogQL\u0026rsquo;s pattern matching capabilities, exploring its syntax and usage with detailed examples.\nUnderstanding LogQL Pattern Matching Loki v2.3.0 introduced the pattern parser. It is both simple to use and super efficient at extracting data from unstructured logs. LogQL pattern matching enables users to filter log entries based on patterns defined by regular expressions. These patterns can target specific parts of log messages, such as timestamps, log levels, or custom attributes, allowing for precise querying and analysis.\nUsage Invoke the pattern parser within a LogQL query by specifying:\n| pattern \u0026quot;\u0026lt;pattern-expression\u0026gt;\u0026quot;\nor\n| pattern `\u0026lt;pattern-expression\u0026gt;` \u0026lt;pattern-expression\u0026gt; specifies the structure of a log line. It is composed of captures and literals.\nA capture defines a field name and is delimited by the \u0026lt; and \u0026gt; characters. In the example, \u0026lt;status\u0026gt; defines the field name status. 
The unnamed capture \u0026lt;_\u0026gt; skips and ignores matched content within the log line.\nCaptures are matched from the beginning of the line, or from the previous set of literals to the end of the line, or to the next set of literals. If a capture does not match, the pattern parser stops processing the log line. By default, pattern expressions are anchored at the beginning of the log line. If you want to change this behavior, start your expression with an unnamed capture, \u0026lt;_\u0026gt;.\nPractical example We will search the access logs of an nginx container and extract the status code and request using the pattern parser.\nnginx.conf custom log_format\nhttp {\n  log_format main \u0026#39;$remote_addr - $remote_user [$time_local] $status \u0026#39;\n                  \u0026#39;\u0026#34;$request\u0026#34; $body_bytes_sent \u0026#34;$http_referer\u0026#34; \u0026#39;\n                  \u0026#39;\u0026#34;$http_user_agent\u0026#34; \u0026#34;$http_x_forwarded_for\u0026#34;\u0026#39;;\n}\nGiven a simple query without pattern parser:\nAttributes on each log line are as follows: Now we will use the pattern parser to retrieve the status and request in specific attributes so that they can be filtered.\nNGINX log line fields | NGINX sample | pattern expression\n$remote_addr | 127.0.0.6 | \u0026lt;_\u0026gt;\n- | - | -\n$remote_user | - | -\n[$time_local] | [24/Jun/2024:12:47:28 +0000] | [\u0026lt;_\u0026gt; \u0026lt;_\u0026gt;]\n$status | 200 | \u0026lt;status\u0026gt;\n\u0026quot;$request\u0026quot; | \u0026quot;GET /loki/api/v1/index/stats?query=%7Bcontainer%3D%22nginx%22%7D\u0026amp;start=1719211648650000000\u0026amp;end=1719233248650000000 HTTP/1.1\u0026quot; | \u0026quot;\u0026lt;_\u0026gt; \u0026lt;request\u0026gt; \u0026lt;_\u0026gt;\u0026quot;\n$body_bytes_sent | 55 | \u0026lt;_\u0026gt;\n\u0026quot;$http_referer\u0026quot; | \u0026quot;-\u0026quot; | \u0026quot;-\u0026quot;\n\u0026quot;$http_user_agent\u0026quot; | \u0026quot;Grafana/10.2.3\u0026quot; | \u0026quot;\u0026lt;_\u0026gt;\u0026quot;\n\u0026quot;$http_x_forwarded_for\u0026quot; | \u0026quot;127.0.0.1\u0026quot; | \u0026quot;\u0026lt;_\u0026gt;\u0026quot;\n127.0.0.6 - - [24/Jun/2024:12:47:28 +0000] 200 \u0026#34;GET /loki/api/v1/index/stats?query=%7Bcontainer%3D%22nginx%22%7D\u0026amp;start=1719211648650000000\u0026amp;end=1719233248650000000 HTTP/1.1\u0026#34; 55 \u0026#34;-\u0026#34; \u0026#34;Grafana/10.2.3\u0026#34; \u0026#34;127.0.0.1\u0026#34;\n{container=\u0026#34;nginx\u0026#34;} | pattern `\u0026lt;_\u0026gt; - - [\u0026lt;_\u0026gt; \u0026lt;_\u0026gt;] \u0026lt;status\u0026gt; \u0026#34;\u0026lt;_\u0026gt; \u0026lt;request\u0026gt; \u0026lt;_\u0026gt;\u0026#34; \u0026lt;_\u0026gt; \u0026#34;-\u0026#34; \u0026#34;\u0026lt;_\u0026gt;\u0026#34; \u0026#34;\u0026lt;_\u0026gt;\u0026#34;`\nWith the above pattern applied, we are now able to utilise the status and request attributes for filtering.\nSome bonus examples\na. Mind spaces in your logs when building pattern to match\nLog sample: \u0026#34;foo buzz bar\u0026#34;\nPattern sample: \u0026#34;foo \u0026lt;foo\u0026gt; bar\u0026#34;\nCaptured attribute: \u0026#34;buzz\u0026#34;\nb. You can capture spaces as values too\nLog sample: \u0026#34; bar \u0026#34;\nPattern sample: \u0026#34;\u0026lt;foo\u0026gt;bar\u0026lt;baz\u0026gt;\u0026#34;\nCaptured attribute: \u0026#34; \u0026#34;, \u0026#34; \u0026#34;\nc. Use unique attributes to capture values\nLog sample: \u0026#34;/api/plugins/versioncheck?slugIn=snuids-trafficlights-panel,input,gel\u0026amp;grafanaVersion=7.0.0-beta1\u0026#34;\nPattern sample: \u0026#34;\u0026lt;path\u0026gt;?\u0026lt;_\u0026gt;\u0026#34;\nCaptured attribute: \u0026#34;/api/plugins/versioncheck\u0026#34;\nd. 
Use as many attributes as you wish\nLog sample: \u0026#34;127.0.0.1 user-identifier frank [10/Oct/2000:13:55:36 -0700] \u0026#34;GET /apache_pb.gif HTTP/1.0\u0026#34; 200 2326\u0026#34;\nPattern sample: \u0026#34;\u0026lt;ip\u0026gt; \u0026lt;userid\u0026gt; \u0026lt;user\u0026gt; [\u0026lt;_\u0026gt;] \u0026#34;\u0026lt;method\u0026gt; \u0026lt;path\u0026gt; \u0026lt;_\u0026gt;\u0026#34; \u0026lt;status\u0026gt; \u0026lt;size\u0026gt;\u0026#34;\nCaptured attributes: \u0026#34;127.0.0.1\u0026#34;, \u0026#34;user-identifier\u0026#34;, \u0026#34;frank\u0026#34;, \u0026#34;GET\u0026#34;, \u0026#34;/apache_pb.gif\u0026#34;, \u0026#34;200\u0026#34;, \u0026#34;2326\u0026#34;\ne. Use unnamed matcher \u0026lt;_\u0026gt; when you don\u0026rsquo;t want to capture values in unique attributes\nLog sample: \u0026#34;35.191.8.106 - - [19/May/2021:07:21:49 +0000] \u0026#34;GET /api/plugins/versioncheck?slugIn=snuids-trafficlights-panel,input,gel\u0026amp;grafanaVersion=7.0.0-beta1 HTTP/1.1\u0026#34; 200 107 \u0026#34;-\u0026#34; \u0026#34;Go-http-client/2.0\u0026#34; \u0026#34;80.153.74.144, 34.120.177.193\u0026#34; \u0026#34;TLSv1.3\u0026#34; \u0026#34;DE\u0026#34; \u0026#34;DEBW\u0026#34;\u0026#34;\nPattern sample: \u0026#34;\u0026lt;ip\u0026gt; - - [\u0026lt;_\u0026gt;] \u0026#34;\u0026lt;method\u0026gt; \u0026lt;path\u0026gt; \u0026lt;_\u0026gt;\u0026#34; \u0026lt;status\u0026gt; \u0026lt;size\u0026gt; \u0026#34;\nCaptured attributes: \u0026#34;35.191.8.106\u0026#34;, \u0026#34;GET\u0026#34;, \u0026#34;/api/plugins/versioncheck?slugIn=snuids-trafficlights-panel,input,gel\u0026amp;grafanaVersion=7.0.0-beta1\u0026#34;, \u0026#34;200\u0026#34;, \u0026#34;107\u0026#34;\nf. 
Start your pattern with the unnamed matcher \u0026lt;_\u0026gt; when you want to match only a substring of your log line:\nLog sample: level=debug ts=2021-05-19T07:54:26.864644382Z caller=logging.go:66 traceID=7fbb92fd0eb9c65d msg=\u0026#34;POST /loki/api/v1/push (204) 1.238734ms\u0026#34;\nPattern sample: \u0026lt;_\u0026gt; msg=\u0026#34;\u0026lt;method\u0026gt; \u0026lt;path\u0026gt; (\u0026lt;status\u0026gt;) \u0026lt;duration\u0026gt;\u0026#34;\nCaptured attributes: \u0026#34;POST\u0026#34;, \u0026#34;/loki/api/v1/push\u0026#34;, \u0026#34;204\u0026#34;, \u0026#34;1.238734ms\u0026#34;\nTL;DR: Try to make the pattern as similar as possible to the log line you want to match against. While doing so, you can use the unnamed matcher \u0026lt;_\u0026gt; for values you do not want to capture. The pattern matcher is faster than regex, so it significantly improves query performance and is a Swiss Army knife in your \u0026ldquo;querying\u0026rdquo; arsenal.\nHappy querying.\n","permalink":"https://www.blog.curiouschanakya.com/posts/observability/loki-pattern-parser/","summary":"How to use Grafana Loki pattern parser","title":"Parsing Loki logs with pattern parser"}]