logging time-series visualization grafana grafana-loki

How to display time series data in Grafana based on Loki log query


In Grafana Cloud, I have a Loki data source with many log lines in an arbitrary format. Let's say they're in the form of: MyValue1: 0.1, MyValue2: 0.3. I want to show the values of MyValue1 and MyValue2 on a time-series graph, with each value shown at the corresponding line's time (the time is saved in Loki when the line is received).

To achieve this, I extract the values as labels using a regex log parser, in this case the regex is MyValue1: (?P<myval1>\d+\.*\d*), MyValue2: (?P<myval2>\d+\.*\d*). It works, and the labels myval1 and myval2 are added to each line.

I create a Time Series visualizer with the Data Source set to the logs. Without any transformations, in "Table View" mode, a table is shown, with each line having a time column, and a labels column with e.g. { "myval1": "0.1", "myval2": "0.3" }. After adding an "Extract Fields" transformation with "Source" set to "labels", the table is transformed to have two new string-type columns, "myval1" and "myval2", with correct values.

I am struggling in the next step, however. I assume the string values need to be converted to number values, and the graph needs to be set up to show those values at their corresponding times. However, adding a seemingly-correct "Convert Field Type" transformation results in the entire table disappearing.

What am I doing wrong, and how can I show these table values on a graph?

Note: I am using Grafana Cloud and its online GUI, not self-hosted Grafana and/or CLI.


Solution

  • A simple solution I found for graphing 2 values on one line:

    If your log file looks like this

    MyValue1: 0.1, MyValue2: 0.3
    MyValue1: 0.14, MyValue2: 0.34
    MyValue1: 0.24, MyValue2: 0.39
    

    you can get a time series graph of the first value using the following

    max_over_time({filename="/var/tmp/mylogs/mylog.log"} |= ``
    | pattern "MyValue1: <value1>, MyValue2: <_>"
    | unwrap value1 [1m])
    

    then in a separate query in the same GUI, add a variation for the 2nd value:

    max_over_time({filename="/var/tmp/mylogs/mylog.log"} |= ``
    | pattern "MyValue1: <_>, MyValue2: <value2>"
    | unwrap value2 [1m])
    

    You can even add a 3rd query to modify the values:

    # multiply the value by 0.001
    max_over_time({filename="/var/tmp/mylogs/mylog.log"} |= ``
    | pattern "MyValue1: <_>, MyValue2: <value2>"
    | label_format value2="{{mulf .value2 .001}}"
    | unwrap value2 [1m])
    

    or create an entirely new field

    # graphs the new 'product' field
    max_over_time({filename="/var/tmp/myfiles/afile.log"} |= ``
    | pattern "MyValue1: <t1>, MyValue2: <t2>"
    | line_format "product={{mulf .t1 .t2}}"
    | logfmt
    | line_format "final_product={{mulf .product .t2}}"
    | logfmt
    | unwrap final_product
    | __error__ = ""[$__interval]) by (time)
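
An added example, not part of the original question or answer: a local Python check of the question's regex against sample lines, followed by a simplified stand-in for `unwrap` plus `max_over_time(... [1m])`. It uses fixed one-minute buckets rather than Loki's range evaluated at each step, and it drops and counts lines that yield no number, which is the role `| __error__ = ""` plays in the last query. The sample lines, timestamps and the function name `max_per_minute` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Regex from the question; (?P<name>...) is the same named-group syntax in Python.
LINE_RE = re.compile(
    r"MyValue1: (?P<myval1>\d+\.*\d*), MyValue2: (?P<myval2>\d+\.*\d*)"
)

# Constructed sample entries: (receive time, log line). Not real data.
SAMPLE = [
    ("2024-01-01T10:00:05Z", "MyValue1: 0.1, MyValue2: 0.3"),
    ("2024-01-01T10:00:40Z", "MyValue1: 0.14, MyValue2: 0.34"),
    ("2024-01-01T10:01:10Z", "MyValue1: 0.24, MyValue2: 0.39"),
    # "\d+\.*\d*" accepts repeated dots, so this line matches but is not a number.
    ("2024-01-01T10:01:20Z", "MyValue1: 1..5, MyValue2: 0.2"),
    # Unrelated line: the regex does not match at all.
    ("2024-01-01T10:01:30Z", "service restarted"),
]


def max_per_minute(entries, field):
    """Return ({"HH:MM": max value}, dropped line count) for one extracted field."""
    buckets = defaultdict(list)
    dropped = 0
    for ts, line in entries:
        match = LINE_RE.search(line)
        if match is None:
            dropped += 1          # no label extracted from this line
            continue
        try:
            value = float(match.group(field))
        except ValueError:
            dropped += 1          # label extracted, but not convertible to a number
            continue
        minute = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").strftime("%H:%M")
        buckets[minute].append(value)
    return {m: max(v) for m, v in sorted(buckets.items())}, dropped


if __name__ == "__main__":
    for name in ("myval1", "myval2"):
        series, dropped = max_per_minute(SAMPLE, name)
        print(name, series, "dropped:", dropped)
```

Running it on a sample of real lines before building the panel shows how many lines would produce no data point and whether the regex is extracting values that cannot be converted.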