Merge 2 Queries to Include Both Data in an Alert

teddybear13tb · May 5, 2024, 2:30pm

In Grafana cloud, I am using Loki in the alerts, to extract exceptions of the jobs from the logs.
Following the query that would extract the exception:

count_over_time({namespace=“data-services”, cluster=“p21d”, job=~“data-services/abc.*”} |~ (?i)exception | pattern <exception> [500h])

Following an example of the generated alert:

I have another query where it extracts the tenant:

count_over_time({namespace=“data-services”, cluster=“p21d”, job=~“data-services/abc.*”} |~
tenant '.*' | pattern `<_> tenant ‘’` [500h])

The tenant and the exception are not in the same log line, each one is in a different line.

I’m looking to include both the tenant and exception information in the same query so that I can extract the tenant and the exception in the alert would be more informative. However, since the tenant and exception are logged on separate lines, I’m currently unable to achieve this with a single Loki query.

Any advice or workarounds would be greatly appreciated.

tonyswumac · May 6, 2024, 8:10pm

Can you provide an example of your original logs?

If your tenant information is on a separate line, perhaps you could consider using multi-line logs so you have all the information you need in one line?

Topic		Replies	Views
Extract data from logs and include them in the email alert Grafana Loki	3	330	April 9, 2024
LogQL query merging multiple result labels into one? Grafana Loki loki , query-help	2	277	September 20, 2024
Add a Parameter in the Alert Title Grafana Loki	1	87	May 10, 2024
Including full log error message in alert notification using Loki Grafana Loki alerting , logs	14	9600	September 22, 2024
Alerts missing log lines from a query Alerting alerting , loki , query-help	1	51	August 6, 2024

Merge 2 Queries to Include Both Data in an Alert

Related topics