The picture shows the log activity of a system, produced by the following LogQL
query:
sum(count_over_time({job="ET10"} |= "Station 1" [1m]))
When the system is not running (due to a failure), it unfortunately does not produce an appropriate log line, but of course it stops log activity.
How can I show that a system is not running, by querying for "missing" logs?
First I tried to see the activity as a bool:
sum(count_over_time({job="ET10"} |= "Station 1" [1m])) > bool 0
And then I tried to negate it:
sum(count_over_time({job="ET10"} |= "Station 1" [1m])) < bool 1
It does not work as expected, because I get no response for the time after approx. 2:30, because there are no logs. I just get a response within the logging time, e.g. between the green bars, which is not what I want.
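
An added example, not part of the original question: a small Python model of the evaluation, showing why a comparison such as `< bool 1` returns nothing once logging stops, and how LogQL's `absent_over_time` and `or vector(0)` produce a value for the silent period instead. The timestamps are constructed, the Python function names are hypothetical stand-ins for the LogQL operations, and the window boundaries are simplified.

```python
# Toy model (added example) of how LogQL evaluates the queries in the post.
# Constructed data: one matching log line per minute, then silence,
# mimicking the system stopping.
LOG_TS = [0, 60, 120, 180, 240]        # seconds; constructed sample data
STEPS = list(range(60, 601, 60))       # evaluation times, one per minute
WINDOW = 60                            # the [1m] range

def count_over_time(ts_list, t, window=WINDOW):
    """Return a sample only if the window (t-window, t] holds log lines."""
    n = sum(1 for ts in ts_list if t - window < ts <= t)
    return n if n > 0 else None        # empty window -> no sample at all

def less_than_bool(sample, threshold):
    """`< bool N` rewrites an existing sample to 0/1; it cannot create one."""
    return None if sample is None else int(sample < threshold)

def absent_over_time(ts_list, t, window=WINDOW):
    """Yields 1 only when the window is empty, otherwise no sample."""
    return 1 if count_over_time(ts_list, t, window) is None else None

def or_vector(sample, fill=0):
    """`<expr> or vector(0)`: use the fill value where expr has no sample."""
    return fill if sample is None else sample

def evaluate():
    """Evaluate all four query shapes at every step."""
    rows = []
    for t in STEPS:
        c = count_over_time(LOG_TS, t)
        rows.append({
            "t": t,
            "count": c,                               # original query
            "lt_bool_1": less_than_bool(c, 1),        # the negation attempt
            "absent": absent_over_time(LOG_TS, t),    # 1 while silent
            "count_or_0": or_vector(c),               # 0 while silent
        })
    return rows

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

In the model, `absent` is the series that marks the outage, and `count_or_0` is the original activity graph with the gap filled by zeros.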