Cine
Reputation: 4402
LogQL sum by __line__
I use opentelemetry to send logs to Loki, and thus I get very nicely formatted log entries that are easy to query on:
Now I want to get some statistics out of the logs about login activity:
sum by(__line__) (
count_over_time({} | scope_name = "UserAuthenticator" | label_format level=detected_level [5m])
)
The problem is by(__line__) does not work. Nor does __line, line, log, body, message. What is the magic keyword to group by the log text template?
Upvotes: 0
Views: 124
Answers (1)
Cine
Reputation: 4402
As @markalex wrote, we can create a new label using the label_format, and then sum by that:
sum by(line) (
count_over_time({}
| scope_name = "UserAuthenticator"
| label_format level=detected_level
| label_format line=`{{__line__}}`
[5m])
)
Upvotes: 0
Related Questions
- How can I extract a number that contains a comma in LogQL?
- FluentBit: Adding OpenTelemetry attributes to forwarded log (target: Loki)
- Template the body for OpenTelemetry log events
- Grafana Loki LogQL bar gauge order by total
- Parse LogQL substring as JSON
- How do I unwrap multiple labels in a LogQL query?
- How to slice the string using logql?
- Loki LogQL topk aggregate function
- Regexp JSON filtering in LogQL