Evening all,
I’ve been working on this for hours and I can’t figure it out, so hoping someone can help!
I am using Loki to ingest .log file data from some networking devices. Example log line:
2020-11-21T11:45:13,021 <4>Nov 21 11:45:15 UniFiUSG kernel: [WAN_LOCAL-default-D]IN=pppoe2 OUT= MAC= SRC=8.8.8.8 DST=1.1.1.1 LEN=40 TOS=0x00 PREC=0x00 TTL=177
ID=27396 PROTO=TCP SPT=49525 DPT=2470 WINDOW=1024 RES=0x00 SYN URGP=0
On the Loki data source, I have set up derived fields to extract the fields that I need from the log lines.
I have set up a couple of panels as below:
Query: {job="USG"} |~ "\w+_\w+-\w+-D"
Query: count_over_time({job="USG"}[1m])
Transform: Organise fields to hide a few columns…
Great so far. Very happy with my first steps in Grafana… However I’ve hit a roadblock with my next requirement.
I need to create a bar chart that will display the count for each unique IP address in the ‘SourceIP’ column/field. The vertical (y-axis) would be the count, and the horizontal (x-axis) would be ‘SourceIP’.
I thought it might be as simple as using an ‘organise fields’ transformation to hide everything other than ‘SourceIP’, and then an ‘add field from calculation’ transformation to add a count… but no!
Any help would be greatly appreciated, I’m sure it’s simple when you know how, but I just can’t figure it out!
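
Added example (not part of the original post): a small Python script that computes the per-source count described above directly from the raw log lines, which is useful for cross-checking what a panel reports. The function names and sample lines are constructed for illustration; the sample addresses are from documentation ranges.

```python
import ipaddress
import re
from collections import Counter

# Rule tag as matched by the post's line filter, e.g. [WAN_LOCAL-default-D]
RULE_RE = re.compile(r"\[(\w+_\w+-\w+-D)\]")
# The kernel firewall log is space-separated KEY=VALUE pairs; values may be empty (OUT=, MAC=)
KV_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines in the format shown in the post.
PREFIX = "2020-11-21T11:45:13,021 <4>Nov 21 11:45:15 UniFiUSG "
SAMPLE_LINES = [
    PREFIX + "kernel: [WAN_LOCAL-default-D]IN=pppoe2 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=49525 DPT=2470 SYN URGP=0",
    PREFIX + "kernel: [WAN_LOCAL-default-D]IN=pppoe2 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=49526 DPT=23 SYN URGP=0",
    PREFIX + "kernel: [WAN_IN-default-D]IN=pppoe2 OUT=eth1 MAC= SRC=192.0.2.44 DST=203.0.113.1 PROTO=UDP SPT=5060 DPT=5060",
    PREFIX + "kernel: [WAN_IN-3001-A]IN=pppoe2 OUT=eth1 MAC= SRC=192.0.2.44 DST=203.0.113.1 PROTO=TCP SPT=40000 DPT=443",  # accept rule, filtered out
    PREFIX + "dhcpd: DHCPACK on 192.168.1.20 via eth1",  # not a firewall line
    PREFIX + "kernel: [WAN_LOCAL-default-D]IN=pppoe2 OUT= MAC= SRC= DST=203.0.113.1 PROTO=TCP",  # empty SRC, skipped
    PREFIX + "kernel: [WAN_LOCAL-default-D]IN=pppoe2 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=49527 DPT=22 SYN URGP=0",
]


def parse_drop(line):
    """Return the KEY=VALUE fields of a line carrying a matching rule tag, else None."""
    rule = RULE_RE.search(line)
    if rule is None:
        return None
    fields = dict(KV_RE.findall(line[rule.end():]))
    fields["RULE"] = rule.group(1)
    return fields


def count_by_source(lines):
    """Count matching lines per unique SRC address, skipping missing or malformed values."""
    counts = Counter()
    for line in lines:
        fields = parse_drop(line)
        if fields is None:
            continue
        try:
            src = str(ipaddress.ip_address(fields.get("SRC", "")))
        except ValueError:
            continue
        counts[src] += 1
    return counts


if __name__ == "__main__":
    for src, n in count_by_source(SAMPLE_LINES).most_common():
        print(f"{src}\t{n}")
```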