I came across this: using regex results in high CPU consumption and impacts Loki performance. Can anyone suggest the best possible way to make it a more optimized query?
I see the execution time value is getting a newline character appended, which results in unwrap throwing an error while converting it to float. We can get rid of this by adding pattern | pattern "<_> executionTime: \n"
Why are we seeing this difference, and not in Explore logs? Is it known behaviour? How can we eliminate this kind of character in our pattern expression?
That would be from your logs. Loki doesn’t inject any newline character, nor does Explorer.
If you don’t know when your logs would have the newline character, then probably switching back to regex would be better.
In general, Loki’s performance comes from distribution. If you are not running a single container, you should make sure query splitting is working. If you are using a single container, perhaps consider migrating to simple scalable mode so you can scale if needed.
Thanks for responding.
Assuming we have tons of logs matching executionTime and we scrape them as a label to perform a metric query, does this affect cardinality or indexing in any way?
I’m just trying to understand which of these has the advantage:
pushing the executionTime label directly to Loki → we can use this label to perform a metric query
or
not adding this as a label, and performing a log-level operation to scrape this label and operate on it.
Yes, it does. It is recommended to have “bounded” values for labels, and if you use execution time, which can be any floating-point number, it will impact your query performance.
I would recommend real time parsing for things like this.
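
The query-time parsing recommended in the last reply, as an added example that is not part of the original thread. The stream selector `{app="my-service"}` and the log line shape (`... executionTime: 12.5` followed by a newline) are assumptions; adjust both to your own logs.

```logql
# Added example. Assumed log line: "<anything> executionTime: 12.5\n"
# executionTime is extracted at query time only, so it never becomes a
# stream label and does not add to index cardinality.
avg_over_time(
  {app="my-service"}            # hypothetical selector with bounded labels
    |= "executionTime"          # cheap line filter first, so the regexp
                                # only runs on lines that can match
    | regexp `executionTime: (?P<executionTime>[0-9]+(?:\.[0-9]+)?)`
                                # capture digits only; a trailing newline
                                # is left out of the extracted value
    | unwrap executionTime      # convert the extracted value to float
    | __error__ = ""            # drop any sample that still fails to convert
  [5m]
) by (app)
```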