Hi,
I have an access log ingested into Loki and I’m trying to identify abnormal client activity (basically, I’m trying to find the top 10 client IP addresses that appear in the logs).
The log is JSON formatted with a client_ip field, so I tried:
topk by (client_ip) (10, count_over_time(({log="access"} | json)[5m]))
but I’m hitting the maximum series limit (I increased the limit 10 times from the default)
maximum of series (5000) reached for a single query
I’m guessing that I’ve missed some part of the LogQL documentation but I’m not sure what it is.
Regards,
V
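An added example, not part of the original post: in the query above, `| json` turns every JSON field into a label, and `topk by (client_ip)` ranks within each client_ip group rather than across them, so the result keeps one series per distinct label combination. The form below collapses to one series per client IP before ranking; it assumes only the `log="access"` selector and the `client_ip` field named in the post.

```logql
topk(10,                                   # rank across all client IPs
  sum by (client_ip) (                     # one series per client IP
    count_over_time(
      (
        {log="access"}
          | json client_ip="client_ip"     # extract only the field that is needed
          | __error__=""                   # skip lines that fail JSON parsing
      )[5m]
    )
  )
)
```

Run it as an instant query to get a single top-10 list; as a range query, topk is evaluated at every step, so more than 10 addresses can appear over the graphed interval.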