Loki's Query to retreive top 10 of the data

Grafana Loki
1

Hi there,

i’m new to Loki. usually, I use elastic as the data source and I’m curious to how can i configure Loki to display the top 10 data like this?

image
image708×144 8.87 KB

i tried using this query but the code below still 2 while i expect there is only 1

The query: topk(1, count by(status) (count_over_time({job="application"} | json | method != "" [$__auto])))

image

not only that. i also found that there is inconsistent data about this codes. you can see in the picture below

when i pull the data from the last 1H, the 404 got 8.
image

but when i pull the data from the last 3H, the 404 got 6. how is this possible?
image

2

Couple of things to try:

  1. You should probably use sum by and not count by (for example, topk(1, sum by(status) (count_over_time({job="application"} | json | method != "" [$__auto]))) )
  2. In Options (directly below where you enter the query), you’ll want to make sure you set query type to instant
  3. In your query option you’ll want to make sure the maximum number of data point is 1.
  4. Lastly, in your query you might want to change $__auto to $__interval.

I suspect you are seeing multiple items because you are still displaying a time series data frame, rather than all data aggregated. Try the above and see if it works for you.

3

may i know What is the difference between sum by and count by? My goal is to display the status code and the corresponding count of records. Thanks

for point number 4, I got no data when I changed it to $__interval so I turned it back to $__auto

oh, maybe I forgot to mention I’m using Grafana v11.0

4

If you do count by you’d be counting the number of metrics of the nested query. Let’s say your count_over_time() query returns the following results on a given time frame:

timestamp | application | < other label > | values (this is the result of count_over_time)
| app1 | <…> | 1
| app1 | <…> | 1
| app2 | <…> | 2
| app2 | <…> | 2
| app3 | <…> | 3

A count by (application) of above will return app1 = 2, app2 = 2, app3 = 1. A sum by (appplication) of above will return app1 = 2, app2 = 4, app3 = 3.

5

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.