API query creates single stream but multiple values. How can I prevent that?

Grafana Loki
,
1

Hi all,

I’m trying to ensure that my test query list all results without compression. Here is my query:
curl -G -s “http://localhost:3100/loki/api/v1/query_range
–data-urlencode
'query={application=“lawful_intercept”} | distinct level| logfmt ’
–data-urlencode ‘limit=5000’ --data-urlencode ‘start=2024-04-04T14:35:00+00:00’ --data-urlencode ‘end=2024-04-24T23:36:14+00:00’ | jq

Now: I get some results like:
{
“stream”: {
“BID”: “”,
“DA”: “8.8.8.8:0”,
“GW”: “10.200.1.36”,
“HOST”: “”,
“IF”: “eth0.10”,
“IFS”: “eth0.10”,
“MAC”: “00:00:00:EC:EC:EC”,
“MET”: “OTHER”,
“ODA”: “8.8.8.8:0”,
“OF”: “eth1”,
“OSA”: “10.200.1.40:0”,
“PRO”: “1”,
“SA”: “10.200.1.40:0”,
“TM”: “0.0”,
“UA”: “”,
“UID”: “”,
“URI”: “”,
“application”: “lawful_intercept”,
“connection_hostname”: “localhost,localhost.localdomain.,localhost4,localhost4.localdomain4.,TruOS4-Loki1,loki”,
“facility”: “local4”,
“host”: “SG-1”,
“hostname”: “SG-1”,
“job”: “syslog”,
“level”: “informational”
},
“values”: [
[
“1713946162179537189”,
“GW=10.200.1.36 TM=0.0 IF=eth0.10 OF=eth1 IFS=eth0.10 UID= BID= MAC=00:00:00:EC:EC:EC PRO=1 OSA=10.200.1.40:0 ODA=8.8.8.8:0 SA=10.200.1.40:0 DA=8.8.8.8:0 MET=OTHER HOST= UA= URI=\n”
],
[
“1713946144978619182”,
“GW=10.200.1.36 TM=0.0 IF=eth0.10 OF=eth1 IFS=eth0.10 UID= BID= MAC=00:00:00:EC:EC:EC PRO=1 OSA=10.200.1.40:0 ODA=8.8.8.8:0 SA=10.200.1.40:0 DA=8.8.8.8:0 MET=OTHER HOST= UA= URI=\n”
],
[
“1713946099029082444”,
“GW=10.200.1.36 TM=0.0 IF=eth0.10 OF=eth1 IFS=eth0.10 UID= BID= MAC=00:00:00:EC:EC:EC PRO=1 OSA=10.200.1.40:0 ODA=8.8.8.8:0 SA=10.200.1.40:0 DA=8.8.8.8:0 MET=OTHER HOST= UA= URI=\n”
],

What I’m getting at is that the stream has the data, on a single value line. However, I want each value line to have a seperate stream.

What options can I add in the query to ensure that.

Regards,

Michael

2

you can handle this inside grafana with a few steps:

extract the values:

image
image719×443 21.3 KB

then you can extract the data from the values:

image
image1661×1145 50.4 KB

3

Yes I’m aware that grafana can show the logs as a per line log entry.

I’m having to call it from an external system via api for other processing purposes.

So if there are some options via api call to do the same thing that would be the best.

4

i used your json payload in the infinity datasource as inline, but you can change that to url, to use the actual api url…

5

Hi,

How is this not an api url? Don’t actually understand your statement. Are you saying use the grafana gui?

curl -G -s “http://localhost:3100/loki/api/v1/query_range”
–data-urlencode
'query={application=“lawful_intercept”} | distinct level| logfmt ’
–data-urlencode ‘limit=5000’ --data-urlencode ‘start=2024-04-04T14:35:00+00:00’ --data-urlencode ‘end=2024-04-24T23:36:14+00:00’ | jq

Regards

6

I do not have access to your api that you are calling, so to simulate your data i used your payload output as an example, but on your side it will be the api call…