Grafana Drilldown->Logs (loki) how to filter with regex pattern?

Hello,

I have nginx logs being pushed to Loki and my logs are in JSON format. E.g., log as below:

{
    "geoip_country_code": "India",
    "remote_addr": "xxx",
    "status": "304",
    "request_uri": "/wp-content/themes/plover/assets/fonts/cardo/cardo_normal_700.woff2",
    "msec": "1753763245.751",
    "connection": "46456",
    "connection_requests": "3",
    "pid": "2945474",
    "request_id": "a63d54d32023d25aed205bd85cd97a94",
    "request_length": "568",
    "remote_user": "",
    "remote_port": "56749",
    "time_local": "29/Jul/2025:09:57:25 +0530",
    "time_iso8601": "2025-07-29T09:57:25+05:30",
    "request": "GET /wp-content/themes/plover/assets/fonts/cardo/cardo_normal_700.woff2 HTTP/1.1",
    "args": "",
    "body_bytes_sent": "0",
    "bytes_sent": "191",
    "http_referer": "xxx",
    "http_user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Safari/605.1.15",
    "http_x_forwarded_for": "",
    "http_host": "xx",
    "server_name": "_",
    "request_time": "0.038",
    "upstream": "[xxx]:443",
    "upstream_connect_time": "0.026",
    "upstream_header_time": "0.038",
    "upstream_response_time": "0.038",
    "upstream_response_length": "0",
    "upstream_cache_status": "",
    "ssl_protocol": "TLSv1.3",
    "ssl_cipher": "TLS_AES_128_GCM_SHA256",
    "scheme": "https",
    "request_method": "GET",
    "server_protocol": "HTTP/1.1",
    "pipe": ".",
    "gzip_ratio": "",
    "http_cf_ray": ""
} 

In Grafana, the field request_uri is extracted correctly.

Using the Drilldown->Logs option, how can I use the regex feature to exclude logs that have a request_uri value that contains “wp-content”?

I tried as below but it's not filtering what I want.

Any thoughts?

Anything in the actual log line is a field in Loki, and not a label. If you move that filter into the fields variable it should work as expected. Take a look at the fields and labels tabs to see the breakdown.

Also, in the top right of the logs panel there’s a logs|table|json toggle; the json viz should make it easier to filter on specific key values in your JSON logs. Try using that json viz to exclude a specific request_uri and then convert the filter that gets generated to a regex filter.

You mean like below, right? But it's still not working.

When I try this, I get, I think I need to upgrade Loki before I can try this.

Oh, my apologies: unlike how regex behaves in the line filters, field/label matchers need to specify a regex that will match the entire string (see Log queries | Grafana Loki documentation for more information).

Try request_uri !~ ".+wp-content.+"

Still not working.

If you open the logs details by clicking on one of the log lines, does request_uri show as a field? Please share a screenshot if you can.

Also what version of Grafana and Logs drilldown are you running?

Also the quotes shouldn’t be in the value, it should look like this:

Thank you, that fixed my issue.
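The difference between the unanchored line filter and the fully anchored field matcher discussed in this thread, as an added example that is not part of any post and is not Loki's own code. It emulates the matcher by wrapping the pattern in `^(?:...)$` using Go's RE2 `regexp` package; the sample lines and function names are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Constructed sample lines modelled on the nginx JSON log in the question.
var sampleLines = []string{
	`{"status":"304","request_uri":"/wp-content/themes/plover/assets/fonts/cardo/cardo_normal_700.woff2"}`,
	`{"status":"200","request_uri":"/blog/hello-world/"}`,
	`{"status":"301","request_uri":"/wp-content"}`,
	`{"status":"404","request_uri":"/wp-login.php"}`,
}

// fieldMatches emulates a field/label matcher: the pattern must match the whole value.
func fieldMatches(pattern, value string) bool {
	return regexp.MustCompile(`^(?:` + pattern + `)$`).MatchString(value)
}

// lineMatches emulates a line filter: the pattern may match anywhere in the line.
func lineMatches(pattern, line string) bool {
	return regexp.MustCompile(pattern).MatchString(line)
}

// keptByFieldExclude returns the request_uri values that survive `request_uri !~ pattern`.
func keptByFieldExclude(pattern string, lines []string) []string {
	var kept []string
	for _, l := range lines {
		var rec map[string]string
		if err := json.Unmarshal([]byte(l), &rec); err != nil {
			continue // unparsable lines are simply skipped in this sketch
		}
		if !fieldMatches(pattern, rec["request_uri"]) {
			kept = append(kept, rec["request_uri"])
		}
	}
	return kept
}

func main() {
	fmt.Println("line filter wp-content matches first line:", lineMatches(`wp-content`, sampleLines[0]))
	for _, p := range []string{`wp-content`, `.+wp-content.+`, `.*wp-content.*`} {
		kept := keptByFieldExclude(p, sampleLines)
		fmt.Printf("request_uri !~ %s keeps %d of %d: %q\n", p, len(kept), len(sampleLines), kept)
	}
}
```

The bare `wp-content` pattern excludes nothing as a field matcher, and `.+wp-content.+` still lets through a value that ends in `wp-content`; `.*wp-content.*` covers both ends.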
