Reputation: 51
LogQL : How to get the last values?
I am parsing access logs from Squid (proxy) with Loki and Grafana.
I am trying to do something simple : display top 10 requested domains (or IP) in the last 24h.
To do so, I created a Loki label which extract the domain from the log line in the Loki pipeline with a regex.
So in the LogQL query I have access to a label named 'connection' which is the domain.
I don't manage to extract the top 10 domains. Here is what I tried :
LogQL query : topk(3, sum by(connection) (count_over_time({container_name="squid"} [1d])))
Data visualisation :
We can see that the last displayed line are the top 10 domains, but there is also many domains that were in the top 10 at some moment and they are still returned by the query.
I would like to keep only the top 10 domains at the and of the window of 24h...
In that way if I choose to display a bar gauge I will get only 10 entries. Currently I have this (with the same request) : Bar gauge with the request
Does someone have a solution ?
Upvotes: 2
Views: 3372
Answers (1)
Reputation: 51
Ok I found out: In the query options, you have to change "range" to "instant"
and that works, it keeps the result of the query at the end of the time window !
Now I finally have my bar gauge, but it is not sorted... Next issue I guess ;)
Upvotes: 2
Related Questions
- Grafana/Loki: How to use multi-select template variable with LogQL?
- Loki query to show all logs
- Grafana Loki total number of a specific log message
- Sorting logs (from Loki) on Grafana
- Weird LogQL behavior when aggregating logs
- Binary operator in loki
- Use variables on grafana loki queries (LogQL)
- Topk values in LogQL
- logs aggregation in grafana
- How to display the last value in Grafana Gauge