Hello All
We have a distributed/scalable Loki instance running . we were collecting IIS logs and EKS logs.
Rather than running a parser on All the collected IIS Logs ,we wrote a parser and moved it to Alloy agent . it was parsing the IIS logs into client IP, query ,HTTP Status etc .
We assumed that having All the fields readily available will make the query performance better .
Unfortunately, It got a whole lot worse …
While querying 60 GB of EKS logs returns in 3 secs, while querying 500 Mb of ISS logs takes more than 30 secs .
Is there any suggestion to improve performance or a way around the problem