I am parsing logs and then aggregating them to pull our system usage information. I have logs that get printed like templates, and I was wondering if I can create multiple series from one query. For example:
Logs:
“Loading data for Application X from Source: A”
“Loading data for Application Y from Source: B”
“Loading data for Application X from Source: B”
“Loading data for Application X from Source: A”
“Loading data for Application Z from Source: C”
“Loading data for Application X from Source: B”
LogQL:
sum(count_over_time({app="log-name"} |~ "Loading data for Application \\w from Source: \\w" [1m]))
This LogQL produces one series in Grafana, charting all data loads for all apps from all sources. But I would like to see 3 series - one for each application (A,B,C).
regex to extract the data into labels.
sum by () to sum across unique label combinations.
In your example:
sum by (source) (count_over_time({app="log-name"} |~ "Loading data for Application \\w from Source: \\w" | regex "Loading data for Application (?P<application>\\w+) from Source: (?P<source>\\w+)" [1m]))
Thanks for the reply. I think the regex sum still only gets me the sum across the label (example “source”) in one series. How do I get separate series to display for each value of the “source” variable?
Sorry. I should have tested before posting. regexp not regex
Is this what you want:
sum by (source) (count_over_time({app="log-name"} |~ "Loading data for Application \\w from Source: \\w" | regexp "Loading data for Application (?P<application>\\w+) from Source: (?P<source>\\w+)" [1m]))
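An added Python sketch, not part of the thread and not Loki's code, that emulates the corrected query over the six sample lines to show why `sum by (source)` returns one series per source value while a bare `sum` collapses everything into one. The timestamps, the two 60-second evaluation steps and the left-open window `(t - 60, t]` are assumptions made for the example.

```python
import re
from collections import defaultdict

# Same named groups as the thread's regexp stage (Python and Go/RE2 share (?P<name>...)).
PATTERN = re.compile(
    r"Loading data for Application (?P<application>\w+) from Source: (?P<source>\w+)")

# Constructed input: the thread's six log lines with invented timestamps (seconds).
ENTRIES = [
    (5, "Loading data for Application X from Source: A"),
    (20, "Loading data for Application Y from Source: B"),
    (40, "Loading data for Application X from Source: B"),
    (70, "Loading data for Application X from Source: A"),
    (90, "Loading data for Application Z from Source: C"),
    (110, "Loading data for Application X from Source: B"),
]

def count_over_time(entries, steps, range_s=60):
    """Emulate `|~ ... | regexp ... [1m]`: one counter per extracted label set."""
    series = defaultdict(dict)  # label set -> {step: count}
    for t in steps:
        for ts, line in entries:
            m = PATTERN.search(line)  # line filter and label extraction in one pass
            if m and t - range_s < ts <= t:  # assumed window: (t - range, t]
                key = tuple(sorted(m.groupdict().items()))
                series[key][t] = series[key].get(t, 0) + 1
    return dict(series)

def sum_by(series, *labels):
    """Emulate `sum by (labels)`: merge series that agree on the kept labels."""
    out = defaultdict(dict)
    for key, points in series.items():
        kept = tuple(kv for kv in key if kv[0] in labels)
        for t, n in points.items():
            out[kept][t] = out[kept].get(t, 0) + n
    return dict(out)

if __name__ == "__main__":
    raw = count_over_time(ENTRIES, steps=[60, 120])
    print("sum:", sum_by(raw))                 # one series, as in the first query
    for labels, points in sorted(sum_by(raw, "source").items()):
        print(dict(labels), points)            # one series per source value
```

Passing `"application"` or both label names to `sum_by` gives the per-application or per-pair breakdown from the same extracted labels.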