Loki Query performance reduced after moving parser to alloy agent

outofboundsloki · October 30, 2025, 6:16am

Hello All

We have a distributed/scalable Loki instance running . we were collecting IIS logs and EKS logs.

Rather than running a parser on All the collected IIS Logs ,we wrote a parser and moved it to Alloy agent . it was parsing the IIS logs into client IP, query ,HTTP Status etc .

We assumed that having All the fields readily available will make the query performance better .

Unfortunately, It got a whole lot worse …

While querying 60 GB of EKS logs returns in 3 secs, while querying 500 Mb of ISS logs takes more than 30 secs .

Is there any suggestion to improve performance or a way around the problem

tonyswumac · November 3, 2025, 11:35pm

In general you want fewer labels, and the values you decide to parse for labels you want the values to be bounded (see Label best practices | Grafana Loki documentation).

Client IP and query, in your example, definitely aren’t suited to be made into labels.

Topic		Replies	Views
Performance issue Grafana Loki	1	1152	December 1, 2020
Questions about Loki, LogQL and JSON parsed fields Grafana Loki loki	4	12664	November 27, 2020
Queries Process to many Bytes Grafana Loki	8	2396	August 24, 2022
Loki compute sizing and query (topk) performance Grafana Loki loki , performance	4	2881	March 16, 2024
How to improve Loki Performance Grafana Loki	6	18163	March 17, 2022

Loki Query performance reduced after moving parser to alloy agent

Related topics