Aggregate by JSON Array Field

tonyswumac · January 12, 2023, 8:22pm

Consider the following log lines (assume one single line):

{
  "timestamp": "<TS>",
  "client_ip": "<IP>",
  "event_ids": [
    "event1","
    "event2"
  ]
}

Is it possible to somehow aggregate and group by client_ip and event_ids? In this example it would essentially be two groups, (, “event1”) and (, “event2”).

yosiasz · January 17, 2023, 6:42pm

are you talking about doing this in Loki? or some other way?

tonyswumac · January 17, 2023, 6:56pm

In Loki, yeah. I do have a feature request to add some sort of split function to Promtail as a workaround: Add Split Filter to Promtail · Issue #7998 · grafana/loki · GitHub

What I am currently doing is use logstash to do the split before sending logs to Loki, effectively duplicating logs for number of delimited fields. Definitely convoluted, and was wondering if anyone has a better solution.

system · January 17, 2024, 6:57pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to aggregate data by JSON field to build Stacked Chart of values per each field name? Grafana Loki	1	667	May 31, 2022
Metric queries from Loki aggregated by each key in a list Grafana Loki	1	312	September 1, 2023
Can Loki be used to perform data aggregation from a log file? Configuration	4	93	May 30, 2024
Grouping not allowed for count_over_time aggregation Grafana Loki loki , query-help	3	3796	November 18, 2023
Loki group by label value Grafana Loki	6	10166	May 8, 2024

Aggregate by JSON Array Field

Related topics