Hello, I have an NGINX log stream that’s consumed by fluent bit and sent to loki with extra kubernetes labels. The raw log line looks like this
{
"time": "2025-02-24T01:50:26.80345792Z",
"stream": "stdout",
"_p": "F",
"log": "47.29.201.179 - - [28/Feb/2019:13:17:10 +0000] \"GET /?p=1 HTTP/2.0\" 200 5316 \"https://domain1.com/?p=1\" \"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36\"",
"kubernetes": {
"pod_name": "pod-name",
"namespace_name": "namespace",
"pod_id": "uuid",
"labels": {
"app": "app",
"pod-template-hash": "template-hash",
"variant": "pod-variant"
},
"host": "host-name",
"pod_ip": "1.1.1.1",
"container_name": "container-name",
"docker_id": "dockerid",
"container_hash": "container has",
"container_image": "container image"
}
}
The real log is located in the log field in the JSON. What I want to do is only extract the NGINX log and create a table with headers that can explain each NGINX log field. For example
| req_ip | req_time | HTTP req | etc.
This is my current logql
{app="app", variant="pod-variant"} | json nginx_log="log" | line_format "{{.nginx_log}}" | pattern `<req_ip> - - [<log_timestamp>] "<request>" <req_http_status> <req_body_size> "<http_referer>" "<http_user_agent>"`
With this query, I am able to get only the NGINX log part and extract the labels from the NGINX log. However, when I change my visualization to Table, the listed columns are labels, Time, Line, tsNs, and id.
Is there any way I can use the labels extracted from pattern function as my Table Headers?