Issues with building Query Grafana loki

Hello Everyone,
I started using Grafana with Loki lately to build dashboards. I’m currently running OpenVPN on my OPNSense. I am trying to build a dashboard for that on Grafana. I was able to do the following:

• Format the logs and send it to Loki using promtail:
  so the logs being sent to Loki are in the following format
  

  

  image987×803 76.2 KB

• This how the logs looks like in Grafana
  

  

  image2187×1138 408 KB

So basically every 10s, promtail sends the log entries to Loki, I am trying to create a query to show
a list of the connected users over the time. I was able to create this table

image1819×1062 97.2 KB

But the issue is that the values are not unique, I want the table to have a unique list of all connected users. I tried to use other transformations like group by and reduce and i end up with this.

image1814×1102 42.6 KB

The other information is removed from the table.
How can I get the table to have list unique connected users with all the columns I want?

Usually when building a dashboard in time series format you end up with a list of streams, each with their set of labels, and each has exactly one value. But in your table image it looks like you are interested in two values, bytes_received and bytes_sent.

I would try this (don’t know if this would work or not, haven’t tested):

1. Query number 1, sum bytes_received over time, aggregate by username and perhaps virtual_address, like so:

sum by (username, virtual_address) (
  sum_over_time({<SELECTOR>} | json | unwrap bytes_received [$__interval])
)

2. Query number 2, sum bytes_sent over time, aggregate by username and perhaps virtual_address, like so:

sum by (username, virtual_address) (
  sum_over_time({<SELECTOR>} | json | unwrap bytes_sent [$__interval])
)

3. Join them in Grafana dashboard using transformation.

There are probably better ways to do this, but this is what comes to mind