Metric queries and extracted labels

Not sure what I am doing wrong here, because this seems like a basic case for metrics from logs. I’m trying to create a panel that is a table of ips and their count in the query range. I have tried many things, but the closest I have gotten is this:
count by(ip) (rate({job="$job", service="$service"} |= `$filter` | regexp `(?P<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})` | __error__=`` [30m]))
The result of this query is separate datasets for each extracted ip, with the fields being “Time” and the resulting count for that time. I figure I am either:
A. Doing the query wrong, is this a case where I need unwrap?
B. Need to do something else now to join the datasets
Using Loki 3.1 and Grafana 11. Thanks for the advice.

The result of this query is separate datasets for each extracted ip, with the fields being “Time” and the resulting count for that time

I guess you’re seeing multiple tables in Table visualization? You can use a transformation Reduce with option Series to Rows (default one) and calculation from the time series.

Explanation:
I’m not certain but I guess your query creates time series. You cannot display a time series in a table (at least not in the way you’d like), therefore you have to pick a certain number (Total / Max / Last) from the series to have a compact table you’d (probably) like.


Yes! That is exactly what I was looking for, and your explanation makes sense. Thanks!
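What the Reduce step from the answer above does to the per-IP series, as an added Python sketch (not from the thread, and not Grafana or Loki code): constructed log lines go through the same regex, are counted per IP in fixed 60-second buckets (an assumption standing in for the query's evaluation steps), and each series is then collapsed to one table row.

```python
import re
from collections import Counter, defaultdict

# Same pattern as the query's regexp stage; Python also accepts (?P<name>...).
IP_RE = re.compile(r"(?P<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

# Constructed sample input: (unix seconds, log line).
LOGS = [
    (0,   "GET /login from 10.0.0.5 status=401"),
    (20,  "GET /login from 10.0.0.5 status=401"),
    (70,  "GET /index from 192.168.1.9 status=200"),
    (95,  "GET /login from 10.0.0.5 status=200"),
    (150, "GET /index from 192.168.1.9 status=200"),
]

def series_by_ip(logs, step=60):
    """Group by the extracted ip label: {ip: {bucket_start: line_count}}."""
    series = defaultdict(Counter)
    for ts, line in logs:
        m = IP_RE.search(line)
        if m:
            series[m.group("ip")][ts - ts % step] += 1
    return {ip: dict(sorted(pts.items())) for ip, pts in series.items()}

# Calculation names as mentioned in the answer (Total / Max / Last).
CALCS = {"Total": sum, "Max": max, "Last": lambda v: v[-1]}

def reduce_series_to_rows(series, calc="Total"):
    """Collapse each time series to one (ip, value) row, highest value first."""
    rows = [(ip, CALCS[calc](list(pts.values()))) for ip, pts in series.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    per_ip = series_by_ip(LOGS)
    print("series (one dataset per ip):", per_ip)
    for calc in CALCS:
        print(calc, reduce_series_to_rows(per_ip, calc))
```

Each label value produces its own series with a "Time" and a value field, which is why the table panel shows one dataset per IP until the series are reduced to rows.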
