Hi there,
I’m new to Loki. Usually I use Elastic as the data source, and I’m curious how I can configure Loki to display the top 10 data like this?
I tried using this query, but the code below still gives 2 while I expect there to be only 1.
The query: `topk(1, count by(status) (count_over_time({job="application"} | json | method != "" [$__auto])))`
Not only that, I also found that there is inconsistent data about these codes. You can see it in the picture below.
When I pull the data from the last 1H, the 404 got 8.
But when I pull the data from the last 3H, the 404 got 6. How is this possible?
Couple of things to try:
- You should probably use `sum by` and not `count by` (for example, `topk(1, sum by(status) (count_over_time({job="application"} | json | method != "" [$__auto])))`)
- In Options (directly below where you enter the query), you’ll want to make sure you set query type to instant
- In your query options you’ll want to make sure the maximum number of data points is 1.
- Lastly, in your query you might want to change `$__auto` to `$__interval`.
I suspect you are seeing multiple items because you are still displaying a time series data frame, rather than all data aggregated. Try the above and see if it works for you.
May I know what the difference is between `sum by` and `count by`? My goal is to display the status code and the corresponding count of records. Thanks
For point number 4, I got no data when I changed it to `$__interval`, so I turned it back to `$__auto`.
Oh, maybe I forgot to mention I’m using Grafana v11.0.
If you do `count by` you’d be counting the number of metrics of the nested query. Let’s say your `count_over_time()` query returns the following results on a given time frame:
| timestamp | application | < other label > | values (this is the result of count_over_time) |
| --- | --- | --- | --- |
|  | app1 | <…> | 1 |
|  | app1 | <…> | 1 |
|  | app2 | <…> | 2 |
|  | app2 | <…> | 2 |
|  | app3 | <…> | 3 |
A `count by (application)` of above will return app1 = 2, app2 = 2, app3 = 1. A `sum by (application)` of above will return app1 = 2, app2 = 4, app3 = 3.
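
The two aggregations from the table above, and why `topk(1, ...)` can still draw two series in a range query, as an added Python model (not code from the thread and not Loki's implementation). The `pod` label standing in for "< other label >", the second step `LATER`, and the name-based tie-break are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: count_over_time() output at one step, as (labels, value).
# Mirrors the app1/app2/app3 table; "pod" is a hypothetical extra label.
STEP = [
    ({"application": "app1", "pod": "a"}, 1),
    ({"application": "app1", "pod": "b"}, 1),
    ({"application": "app2", "pod": "a"}, 2),
    ({"application": "app2", "pod": "b"}, 2),
    ({"application": "app3", "pod": "a"}, 3),
]
# Constructed later step in which a different application leads.
LATER = [
    ({"application": "app1", "pod": "a"}, 5),
    ({"application": "app3", "pod": "a"}, 1),
]

def aggregate(vector, by, op):
    """'count' counts the series in each group; 'sum' adds up their values."""
    groups = defaultdict(list)
    for labels, value in vector:
        groups[labels[by]].append(value)
    fn = {"sum": sum, "count": len}[op]
    return {key: fn(values) for key, values in groups.items()}

def topk(k, grouped):
    """Keep the k largest groups (ties broken by name: a choice of this model)."""
    ranked = sorted(grouped.items(), key=lambda kv: (-kv[1], kv[0]))
    return dict(ranked[:k])

def topk_range(k, steps, by, op):
    """Range query: topk runs once per step, the panel shows every winner."""
    shown = set()
    for vector in steps:
        shown |= set(topk(k, aggregate(vector, by, op)))
    return shown

def topk_instant(k, steps, by):
    """Instant query modelled as one evaluation over all steps' log lines."""
    total = defaultdict(int)
    for vector in steps:
        for key, value in aggregate(vector, by, "sum").items():
            total[key] += value
    return topk(k, total)

if __name__ == "__main__":
    print(aggregate(STEP, "application", "count"))
    print(aggregate(STEP, "application", "sum"))
    print(topk_range(1, [STEP, LATER], "application", "sum"))
    print(topk_instant(1, [STEP, LATER], "application"))
```
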