Using the LogQL matched log line within my alert template for Alertmanager

I am following the tutorial to alert based on LogQL. Let’s say I use the following alert rule: Alerting | Grafana Labs. The expression will match some log lines. I know how to use the gathered labels in my Alert template ($.Labels), but how can I actually use the matched log line within my alert?

Hi @dejonge, the expression you use on alerting can never match log lines. You can run only metric queries (returning an instant vector) on the alert expression.

Does this answer your question?

Right, but for example the following Loki alert rule:
sum by (host, project_name, message) (count_over_time({job="varlogs", level="ERROR"}[5m]) > 0)

I can use the labels I am summing by within my Alert template ($.Labels.message). However, I sometimes want to sum not by message, but still want to use that label in my template, e.g.:
sum by (host) (count_over_time({job="varlogs", filename=~"/var/log/nginx/error.log|/var/log/mysql/error.log"}[5m])) > 0
This will match some log line, and I want to use the content of that log line within my alert for more context. I can now only log a message saying ‘an error logged in mysql or nginx’ but without any context. Any way to do this?
