Having the following query:
{container_name="dal-api"} |= `update_score_day5` | logfmt | json score="score_service" |(score > 8)
I was able to retrieve all logs containing scores above 8
how can i aggregate results and present all different score values like
1(score value): 22(logs count)
2(score value): 14(logs count)
3(score value): 33(logs count)
If you apply some form of aggregation over time, you can then use result as a metric in all the usual promQL-alike approaches.
So here, I'd recommend using count_over_time as over time aggregation to get the number of log entries over selected time period. And then aggregationg results over score with sum by:
sum by(score) (
count_over_time(
{container_name="dal-api"}
|= update_score_day5
| logfmt
| json score="score_service"
[1d])
)