I use Loki and Grafana to show logs I receive from an application.
The logs have a field that uses variables and those variables are in other fields of the log. I want Grafana to re-format the message field so it appears without the placeholders in the dashboard and with the actual variable values!
Here is a clear example of what I am trying to achieve:
{ "timestamp": "ZZ:YY:XX", "message": "The user: {.User} has a code: {.Code}", "properties": { "User": "username123", "Code": "762" }}
Another log could be:
{ "timestamp": "ZZ:YY:XX", "message": "A new project: {.Project} has been named: {.Name}", "properties": { "Project": "SuperNiceProject", "Name": "ARandomName"}}
I want those logs to show in the dashboard as:
{ "timestamp": "ZZ:YY:XX", "message": "The user: username123 has a code: 762", "properties": { "User": "username123", "Code": "762" }}
{ "timestamp": "ZZ:YY:XX", "message": "A new project: SuperNiceProject has been named: ARandomName", "properties": { "Project": "SuperNiceProject", "Name": "ARandomName"}}
There are multiple ways to manipulate logs, but I have not been able to find a way to do this “dynamically”. Has anyone done something similar?
If you try hard enough you might be able to write a valid JSON message with line_format, but if you have to put in that much work to manipulate your logs I’d recommend that you reconsider the approach. In my opinion it would make much more sense for the source to produce useful logs (in your case by actually writing out the value of the variables rather than {.Name}), unless there are programmatic reasons it cannot do so. Having to do heavy substitutions in logs is rather unstable in my opinion, and will probably break rather easily.
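Rendering the message before the line reaches Loki, as the reply suggests, could look like the sketch below. It is an added example, not code from either poster: the function names are hypothetical, and the `{.Key}` placeholder pattern is inferred from the two sample logs. Substitution is single-pass and control characters in values are escaped, so a property value cannot expand further placeholders or split the log line.

```python
import json
import re

# Placeholder style taken from the sample logs on this page, e.g. {.User}
PLACEHOLDER = re.compile(r"\{\.([A-Za-z_][A-Za-z0-9_]*)\}")


def _clean(value):
    """Stringify a property and escape non-printable characters (newlines,
    tabs, ...) so a value cannot break the rendered message into extra lines."""
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in str(value)
    )


def render_message(record):
    """Return a copy of record with {.Key} in "message" replaced by the
    matching entry of "properties". Unknown keys stay visible as-is."""
    props = record.get("properties") or {}

    def substitute(match):
        key = match.group(1)
        if key not in props:
            return match.group(0)  # keep the placeholder rather than guess
        return _clean(props[key])

    rendered = dict(record)
    # re.sub scans the template once, so placeholders that appear inside a
    # substituted value are never expanded a second time.
    rendered["message"] = PLACEHOLDER.sub(substitute, str(record.get("message", "")))
    return rendered


def render_line(line):
    """Render one JSON log line; pass anything else through unchanged."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return line
    return json.dumps(render_message(record)) if isinstance(record, dict) else line


# First sample log from the question, used as input.
SAMPLE = ('{ "timestamp": "ZZ:YY:XX", "message": "The user: {.User} has a code: {.Code}", '
          '"properties": { "User": "username123", "Code": "762" }}')

if __name__ == "__main__":
    print(render_line(SAMPLE))
```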