My stdout of logs looks something like this - all string format:
[customer1-name] - log line etc etc etc
[customer2-name] - log line etc etc etc
[customer3-name] - log line etc etc etc
[customer4-name] - log line etc etc etc
I want to create a simple dashboard that shows the top 5 active customers based on filtering these log lines (I know it's not 100% accurate, but this is a metric I'm OK with for now - the more log lines [customer-x] has, the more active he is in the system).
I am able to filter it using this regex:
{app="platform"} |~ `\[[a-zA-Z0-9-]+\]`
After a long time playing with it I can probably get a count, but I am missing one step of the puzzle - to show the customer name:
sum by (customer) (count_over_time({app="platform"} | regexp "customer=(?P<customer>\\[[a-zA-Z0-9-]+\\])"[5m]))
It returns this:
What am I missing here?
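
The following is an added example, not part of the original post: it runs the regular expression from the query above against lines in the posted format, next to an assumed alternative that anchors on the leading bracket, and counts lines per extracted customer. Python's `re` stands in for the query's `regexp` stage (the `(?P<name>...)` group syntax is the same); the sample lines, `ANCHORED`, `extract_label` and `top_customers` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the "[customer-name] - message" format from the post.
SAMPLE_LINES = (
    ["[acme-corp] - request handled"] * 4
    + ["[globex] - request handled"] * 3
    + ["[initech] - job queued"] * 5
    + ["[umbrella-1] - login"] * 2
    + ["[hooli] - login"] * 1
    + ["[stark-ind] - export finished"] * 6
)

# Pattern from the posted query ("\\[" inside the quoted LogQL string is the regex \[).
# It requires the literal text "customer=" in the line, which the sample format lacks.
POSTED = re.compile(r"customer=(?P<customer>\[[a-zA-Z0-9-]+\])")

# Assumed alternative: match the bracket at the start of the line and
# capture only the name inside it, so the label value carries no brackets.
ANCHORED = re.compile(r"^\[(?P<customer>[a-zA-Z0-9-]+)\]")


def extract_label(pattern, line):
    """Return the 'customer' capture, or '' when the pattern does not match."""
    match = pattern.search(line)
    return match.group("customer") if match else ""


def top_customers(pattern, lines, k=5):
    """Count lines per extracted customer and return the k busiest as (name, count)."""
    counts = Counter(extract_label(pattern, line) for line in lines)
    return counts.most_common(k)


if __name__ == "__main__":
    # Posted pattern: nothing matches, so every line lands in one unnamed group.
    print("posted  :", top_customers(POSTED, SAMPLE_LINES))
    # Anchored pattern: one group per customer, highest line count first.
    print("anchored:", top_customers(ANCHORED, SAMPLE_LINES))
```
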