How to sort 500-511 HTTP errors in a file produced daily on Grafana using Loki as Datasource
How to grep for only 500 errors (500-511) in a file that is created daily with date stamp in file name. These files are configured to be pushed by promtail agent to Loki server so I can visualize them on Grafana. The files are being produced daily and this is an example of the file sss2022-03-16.txt. I would like to count and visualise this on grafana only the 500-511 HTTP errors for file produced each day.
On Grafana Loki I tried doing this {job="cbas-dev-logs"} |= "500|501|502|503|504|505|506|507|508|509|510|511" but that didn't grep specifically only the 500s HTTPs
Below you can see an example of the file sss2022-03-16.txt
10.32.10.181 ignore 19 Feb 2022 00:26:04 GMT 10.32.10.44 GET / HTTP/1.1 500 73 N 0 h 10.32.26.124 ignore 19 Feb 2022 00:26:06 GMT 10.32.10.44 GET / HTTP/1.1 501 73 N 0 h 10.32.42.249 ignore 19 Feb 2022 00:26:27 GMT 10.32.10.44 GET / HTTP/1.1 500 73 N 1 h 10.32.10.181 ignore 19 Feb 2022 00:26:34 GMT 10.32.10.44 GET / HTTP/1.1 302 73 N 0 h 10.32.26.124 ignore 19 Feb 2022 00:26:36 GMT 10.32.10.44 GET / HTTP/1.1 503 73 N 1 h 10.32.26.124 ignore 19 Feb 2022 00:26:36 GMT 10.32.10.44 GET / HTTP/1.1 502 73 N 1 h 10.32.26.124 ignore 19 Feb 2022 00:26:36 GMT 10.32.10.44 GET / HTTP/1.1 502 73 N 1 h 10.32.26.124 ignore 19 Feb 2022 00:26:36 GMT 10.32.10.44 GET / HTTP/1.1 504 73 N 1 h 10.32.26.124 ignore 19 Feb 2022 00:26:36 GMT 10.32.10.44 GET / HTTP/1.1 511 73 N 1 h 10.32.26.124 ignore 19 Feb 2022 00:26:36 GMT 10.32.10.44 GET / HTTP/1.1 508 73
your query selects not only HTTP statuses 5XX but all lines that contains 500-511 number. Try one of the solutions below:
Solution-1: try to use more specific query like this one :
{job="cbas-dev-logs"} |~ "HTTP/1.1 (500|501|502|503|504|505|506|507|508|509|510|511)"
Update: I have tried and it works for me.
Example for 500-511 codes:
Solution-2: use patter parser, so your query will look:
{job="cbas-dev-logs"} | pattern "<_> <_> <_> <_> <_> <_> <_> <_> <_> <_> <_> <status> <_>" | status >= 500 and status <= 511
here is an example of the results:
Moreover, using pattern parser you can use status in the aggregation functions.
- helm template escaped values for Grafana charts
- Remove a part of a log in Loki
- Loki json logs filter by detected fields from grafana
- Loki Promtail pipeline template cant find variables
- How To Import Multiple Grafana Dashbords via A Helm Chart
- How to extract a substring from a label value in promql?
- Custom TimeSeries in Grafana
- Merging 2 sql queries into 1
- Handle JSONParserErr with line_format
- Grafana panel refresh on variable change
- Aggregating Counts in AWS Timestream Error Causes Errors
- Perform avg_over_time grouping by a field which is modified in grafana
- Millisecond time grouping issue
- What is the default username and password for Grafana login page?
- Use variable grafana in query with LIKE
- How to create a Grafana Dashboard for my OpenTelemetry instruments > Collector > Tempo setup
- how to reset "alerting" state in Grafana
- pq: could not resize shared memory segment. No space left on device
- grafana table panel unable to sort by columns
- Grafana - InfluxDB 2 - Label/Alias data
- How do I write a Prometheus query that returns the value of a label?
- How to get the label of "boolean" metrics from PromQL to Grafana Vizualization
- Variable Difference over time (PostgreSQL, Grafana)
- Sum over time of 1d, limit to last 7d, counter as a value
- grafana connecting datasource elasticsearch with index pattern
- InfluxDB + Grafana: Status codes by time
- grafana y axis starting at random value (non zero) when query is filtered by threshold
- How to avoid "vector cannot contain metrics with the same labelset" error when plotting rate() from several metrics (same labelset, different names)
- Values not matching in same Grafana dashboard
- PostgreSQL, time series - Looking for a way to omit timestamps if a row contains one or more zeroes