Hey everyone!
I’m working with Loki 3.3 and Grafana 11.3.1. Here’s what I’m trying to do:
I have 3 relays, each receiving messages that are collected by fluentd and sent to Loki. Messages can be either forwarded or dropped by each relay for various reasons. Right now, I’m collecting all messages with this query:
{service="msg", type="error"} |= "dropping the message" | json
Each message has a unique msg_id, but it is persistent across relays. I want to show on my dashboard only those messages that were dropped by at least 2 relays. Messages can arrive at relays within a 5-minute window.
I tried grouping and counting like this:
count(sum by (msg_id) (count_over_time({service="msg", type="error"} |= "dropping the message" | json [5m]))) > 2
but this query only shows the count. How can I get the actual logs instead?
Looking forward to your help!
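
The correlation described in the post (same msg_id dropped by at least 2 relays within 5 minutes), written as a client-side filter over exported log lines. This is an added example, not part of the original post and not a LogQL query; the `ts` (epoch seconds) and `relay` fields and all sample lines are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

WINDOW_SECONDS = 5 * 60   # relays may see the same message up to 5 minutes apart
MIN_RELAYS = 2            # "dropped by at least 2 relays"

# Constructed sample lines; the "ts" and "relay" field names are assumptions.
SAMPLE_LINES = [
    '{"ts": 1000, "relay": "relay-1", "msg_id": "a1", "message": "dropping the message: bad header"}',
    '{"ts": 1120, "relay": "relay-2", "msg_id": "a1", "message": "dropping the message: bad header"}',
    '{"ts": 1130, "relay": "relay-1", "msg_id": "b2", "message": "dropping the message: too large"}',
    '{"ts": 1140, "relay": "relay-1", "msg_id": "b2", "message": "dropping the message: too large"}',
    '{"ts": 1200, "relay": "relay-3", "msg_id": "c3", "message": "dropping the message: policy"}',
    '{"ts": 1900, "relay": "relay-2", "msg_id": "c3", "message": "dropping the message: policy"}',
    'not json at all',
]


def multi_relay_drops(lines, window=WINDOW_SECONDS, min_relays=MIN_RELAYS):
    """Return {msg_id: [entries]} for ids dropped by >= min_relays distinct relays within window."""
    by_id = defaultdict(list)
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON
        if not isinstance(entry, dict) or "dropping the message" not in entry.get("message", ""):
            continue
        if "msg_id" in entry and "relay" in entry and "ts" in entry:
            by_id[entry["msg_id"]].append(entry)

    result = {}
    for msg_id, entries in by_id.items():
        entries.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(entries)):
            # Shrink the sliding window until it spans at most `window` seconds.
            while entries[end]["ts"] - entries[start]["ts"] > window:
                start += 1
            in_window = entries[start:end + 1]
            # Count distinct relays, so repeated drops on one relay do not qualify.
            if len({e["relay"] for e in in_window}) >= min_relays:
                result[msg_id] = in_window
                break
    return result


if __name__ == "__main__":
    for msg_id, entries in multi_relay_drops(SAMPLE_LINES).items():
        for e in entries:
            print(msg_id, e["relay"], e["ts"], e["message"])
```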