Custom label generation

Data Source: loki

I am exposing the application log as a container, and the label is also container.
The log line looks like the one below.

{
  "sourceIdentifier": "SI",
  "eventName": "EN",
  "eventDescription": "ED",
  "eventAttributes": [{
    "name": "Socket",
    "value": "ba06ce8d"
  }, {
    "name": "adapterInstance",
    "value": "server"
  }, {
    "name": "severity",
    "value": "Minor"
  }]
}

Now, how can I create a custom label “severity” from the above log line and use it as a dashboard filter?

Any suggestions please.

This is an interesting problem that I don’t think has an easy answer. Hopefully someone more knowledgeable can come up with something clever.

Although LogQL’s json filter can flatten nested JSON, it does not flatten lists (I assume it’s because elements in a list don’t need to be unique). So I don’t think there is a satisfying answer here from LogQL. You can try to tackle this from the log pipeline. FluentD or Logstash have ways to process nested JSON (see Split filter plugin | Logstash Reference [8.9] | Elastic).

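A sketch of the pipeline-side approach suggested in the reply, as an added example that is not part of the original thread: the transform lifts selected `eventAttributes` name/value pairs to top-level keys before the line is shipped, so that `severity` no longer sits inside a list. It is written in Ruby because both Fluentd and Logstash can run Ruby in a filter; the function name `lift_attributes` and the allowlist are assumptions made for illustration.

```ruby
require 'json'

# Attribute names allowed to become top-level fields (assumption: only
# low-cardinality ones; "Socket" would create one stream per value if labelled).
PROMOTE = %w[severity adapterInstance].freeze

# Hypothetical helper: lifts allowlisted eventAttributes name/value pairs
# to top-level keys so a later stage can read them without list indexing.
def lift_attributes(line, promote: PROMOTE)
  record = JSON.parse(line)
  return line unless record.is_a?(Hash)
  attrs = record['eventAttributes']
  return line unless attrs.is_a?(Array)

  attrs.each do |attr|
    next unless attr.is_a?(Hash)
    name = attr['name']
    value = attr['value']
    next unless name.is_a?(String) && promote.include?(name)
    next unless value.is_a?(String) || value.is_a?(Numeric)
    # Never overwrite a field the application set itself, and keep the first
    # value when a name repeats (list elements need not be unique).
    next if record.key?(name)
    record[name] = value
  end
  JSON.generate(record)
rescue JSON::ParserError
  line # not JSON: pass the line through unchanged
end

# Constructed sample, same shape as the log line in the question.
SAMPLE = '{"sourceIdentifier":"SI","eventName":"EN","eventDescription":"ED",' \
         '"eventAttributes":[{"name":"Socket","value":"ba06ce8d"},' \
         '{"name":"adapterInstance","value":"server"},' \
         '{"name":"severity","value":"Minor"}]}'

puts lift_attributes(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Once `severity` is a top-level key, LogQL's `| json` stage extracts it as a label that a dashboard variable can filter on.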