We have syslog logs forwarded via Logstash Output Loki plugin.
How do we extract fields from logs into custom labels/filters.
You have two choices:
-
Parse logs live on Loki. You can do this via LogQL, which is quite good.
-
You can parse logs in logstash and set labels there as well.
You do want to avoid overdoing it on labels if you parse on logstash, see Label best practices | Grafana Loki documentation for some general guidelines.