Logs Not Parsing Properly into Table in Grafana from Loki – Need Help with Real-time Table Visualization

Hi Grafana Community,

I’m currently using Grafana with Loki and I have a log line that looks like this:

  • Grafana version - Version 8.0.0

  • Loki version - loki, version HEAD-1b627d8 (branch: HEAD, revision: 1b627d880)
    go version: go1.19.2
    platform: linux/amd64

Sample log line

12345 12000 root S 130m 1x.1 x 0.x /usr/p1; 4444 1 root S 111m 11.x 1 x.x /usr/p2; ...

This log is ingested as a single log line representing top 10 CPU-consuming processes in a semicolon-separated format. Each entry includes fields like PID, PPID, USER, STATE, MEMORY, CPU%, CORE, IO, and COMMAND.

My goal is to:

  • Display this log line as a real-time table panel in Grafana.
  • Show only the most recent log entry in the panel.
  • Split each process entry into a row and its fields into table columns (like PID, CPU%, Command, etc.)

What I’ve Tried:

  • Using table panel with Fields > Transform settings.
  • Tried different LogQL queries and transformation plugins like Parse, Extract Fields, Reduce, and Outer Join.
  • Explored DataFrames and Labels to Fields but was unable to split and map each process properly.
  • I’m using Loki version < 2.8, so I cannot use unwrap.

Configuration:

  • Loki deployed via Docker/systemd.
  • Promtail is sending logs from a local file.
  • Logs are ingested correctly but table transformation doesn’t work as expected.

Any advice on how I can:

  • Parse these semicolon-separated process records?
  • Display them in a table showing only the latest log line?
  • Whether any plugin or newer Loki version (≥2.8) with unwrap would help?

Thank you!
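
The record layout described in the post above, as an added example that is not part of the original post and not Grafana or Loki code: a parser that turns one such line into table rows and keeps only the newest line. The function names, timestamps, and second sample line are assumptions constructed for illustration.

```python
from typing import Dict, Iterable, List, Tuple

# Column names in the order the post lists them.
FIELDS = ["PID", "PPID", "USER", "STATE", "MEMORY", "CPU%", "CORE", "IO", "COMMAND"]


def parse_line(line: str) -> Tuple[List[Dict[str, str]], List[str]]:
    """Split one semicolon-separated log line into rows; return (rows, rejected)."""
    rows, rejected = [], []
    for record in line.split(";"):
        record = record.strip()
        if not record or record == "...":  # trailing ';' or elided remainder
            continue
        # maxsplit keeps a COMMAND that contains spaces in a single column.
        parts = record.split(None, len(FIELDS) - 1)
        if len(parts) != len(FIELDS) or not (parts[0].isdigit() and parts[1].isdigit()):
            rejected.append(record)  # keep malformed records visible, do not guess
            continue
        rows.append(dict(zip(FIELDS, parts)))
    return rows, rejected


def latest_table(entries: Iterable[Tuple[int, str]]) -> List[Dict[str, str]]:
    """entries are (timestamp_ns, line) pairs; return rows of the newest line only."""
    entries = list(entries)
    if not entries:
        return []
    _, newest = max(entries, key=lambda e: e[0])
    return parse_line(newest)[0]


# Constructed sample input; the first line is the sample from the post.
SAMPLE = [
    (1700000000000000000,
     "12345 12000 root S 130m 1x.1 x 0.x /usr/p1; 4444 1 root S 111m 11.x 1 x.x /usr/p2; ..."),
    (1700000005000000000,
     "777 1 www S 20m 3.0 0 0.1 /usr/bin/app --serve; bad record;"),
]

if __name__ == "__main__":
    for row in latest_table(SAMPLE):
        print(row)
```

Emitting one process per log line in this shape at the source is what lets a table panel map fields to columns without splitting inside the query.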

Care to share the transformation you are using, and what the data looks like once in Loki and when viewed in Grafana pre-transformation?

Thanks