metricsopen-telemetrygrafana-lokilogql
LogQL sum by __line__
I use opentelemetry to send logs to Loki, and thus I get very nicely formatted log entries that are easy to query on:
Now I want to get some statistics out of the logs about login activity:
sum by(__line__) (
count_over_time({} | scope_name = "UserAuthenticator" | label_format level=detected_level [5m])
)
The problem is by(__line__) does not work. Nor does __line, line, log, body, message. What is the magic keyword to group by the log text template?
Solution
As @markalex wrote, we can create a new label using the label_format, and then sum by that:
sum by(line) (
count_over_time({}
| scope_name = "UserAuthenticator"
| label_format level=detected_level
| label_format line=`{{__line__}}`
[5m])
)